Closed dkelosky closed 4 years ago
I'll casually experiment why https://github.com/zowe/sample-spring-boot-api-service/blob/master/zowe-rest-api-sample-spring/src/main/java/org/zowe/sample/apiservice/config/WebSecurityConfig.java#L34
doesn't seem to take effect here.
The sample application should not set HSTS headers. If it does then it is a bug. I do not think that the sample does that. It can be set by another app running on the same host because this setting applies to the host and the port is ignored.
There are two options as a workaround:
It would be good to find out what service sets it because. HSTS is a useful mechanism on production servers since it enforces HTTPS to be required by modern browsers. But it can be limiting on development systems since it forbids self-signed certificates and HTTP connections which can be useful during development.
Hi Petr,
Option 2 worked for me, but I don't really understand why. I'll close this in the meantime and later adjust my Chrome config.
Thank you, Dan
I'm not sure if there was a change in the repo or in Chrome, but when I attempt to see the swagger UI for a service deployed to z/OS in by browser I now get this error (which I can no longer bypass in Chrome):
Has there been some change to cause this?