Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-2437

Enforce HSTS to require HTTPS connections if available

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.0.0
    • 1.9.0
    • Core Framework

    Description

      HTTP Strict Transport Security (HSTS) [1] [2] is a feature of HTTP which instructs browsers/clients to only communicate with a resource over HTTPS. It is implemented via a header sent in the response and future connections will require HTTPS.

      [1] https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
      [2] https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet

      Attachments

        1. Screen Shot 2016-10-28 at 7.45.01 PM.png
          440 kB
          Andy LoPresto
        2. Screen Shot 2016-10-28 at 7.45.53 PM.png
          641 kB
          Andy LoPresto
        3. Screen Shot 2016-10-28 at 7.46.37 PM.png
          624 kB
          Andy LoPresto
        4. Screen Shot 2016-10-28 at 7.46.46 PM.png
          559 kB
          Andy LoPresto
        5. Screen Shot 2016-10-28 at 7.47.00 PM.png
          300 kB
          Andy LoPresto
        6. Screen Shot 2016-10-28 at 7.50.04 PM.png
          531 kB
          Andy LoPresto
        7. Screen Shot 2016-10-28 at 7.51.07 PM.png
          452 kB
          Andy LoPresto
        8. Screen Shot 2016-10-28 at 7.51.47 PM.png
          413 kB
          Andy LoPresto
        9. Screen Shot 2016-10-28 at 7.53.51 PM.png
          465 kB
          Andy LoPresto
        10. Screen Shot 2016-10-28 at 7.54.30 PM.png
          224 kB
          Andy LoPresto

        Issue Links

        Is contained by

        Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. NIFI-5458 Improve NiFi TLS and certificate management

        • Major - Major loss of function.
        • Resolved
        is fixed by

        Improvement - An improvement or enhancement to an existing feature or task. NIFI-5968 Add standard HTTP security headers

        • Major - Major loss of function.
        • Resolved
        is related to

        Improvement - An improvement or enhancement to an existing feature or task. NIFI-5587 Implement HPKP header

        • Major - Major loss of function.
        • Resolved

        Improvement - An improvement or enhancement to an existing feature or task. NIFI-5968 Add standard HTTP security headers

        • Major - Major loss of function.
        • Resolved

        Improvement - An improvement or enhancement to an existing feature or task. NIFI-6094 Add X-Content-Type-Options header

        • Major - Major loss of function.
        • Resolved

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            thenatog Nathan Gough
            alopresto Andy LoPresto
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment