Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-2594

Add includeSubDomains to HSTS Support in WebAppSec Provider

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: None
    • Fix Version/s: 1.6.0
    • Component/s: Server
    • Labels:
      None

      Description

      HSTS has an additional directive that should be supported by our WebAppSec provider called includeSubDomains. This patch will extend the existing support to include optionally include it.

      As a reference, Shiro has such support for HSTS and includeSubDomains: https://github.com/apache/shiro/blob/main/web/src/main/java/org/apache/shiro/web/filter/authz/SslFilter.java

        Attachments

          Activity

            People

            • Assignee:
              lmccay Larry McCay
              Reporter:
              lmccay Larry McCay
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: