irods-contrib / metalnx-web

Metalnx Web Application
https://metalnx.github.io/
BSD 3-Clause "New" or "Revised" License

Set strict-transport-security header #309

Closed JustinKyleJames closed 2 years ago

JustinKyleJames commented 2 years ago

We should provide an option to do the following. This should be configurable as not all installations will require TLS.

The application should instruct web browsers to only access the application using HTTPS. To do this, enable HTTP Strict Transport Security (HSTS) by adding a response header with the name 'Strict-Transport-Security' and the value 'max-age=expireTime', where expireTime is the time in seconds that browsers should remember that the site should only be accessed using HTTPS.

JustinKyleJames commented 2 years ago

Looking into this more, there is a way to have Apache send this header. In light of this I am closing this issue.