Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-2437

Enforce HSTS to require HTTPS connections if available

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.0.0
    • 1.9.0
    • Core Framework

    Description

      HTTP Strict Transport Security (HSTS) [1] [2] is a feature of HTTP which instructs browsers/clients to only communicate with a resource over HTTPS. It is implemented via a header sent in the response and future connections will require HTTPS.

      [1] https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
      [2] https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet

      Attachments

        1. Screen Shot 2016-10-28 at 7.54.30 PM.png
          224 kB
          Andy LoPresto
        2. Screen Shot 2016-10-28 at 7.53.51 PM.png
          465 kB
          Andy LoPresto
        3. Screen Shot 2016-10-28 at 7.51.47 PM.png
          413 kB
          Andy LoPresto
        4. Screen Shot 2016-10-28 at 7.51.07 PM.png
          452 kB
          Andy LoPresto
        5. Screen Shot 2016-10-28 at 7.50.04 PM.png
          531 kB
          Andy LoPresto
        6. Screen Shot 2016-10-28 at 7.47.00 PM.png
          300 kB
          Andy LoPresto
        7. Screen Shot 2016-10-28 at 7.46.46 PM.png
          559 kB
          Andy LoPresto
        8. Screen Shot 2016-10-28 at 7.46.37 PM.png
          624 kB
          Andy LoPresto
        9. Screen Shot 2016-10-28 at 7.45.53 PM.png
          641 kB
          Andy LoPresto
        10. Screen Shot 2016-10-28 at 7.45.01 PM.png
          440 kB
          Andy LoPresto

        Issue Links

          Is contained by

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. NIFI-5458 Improve NiFi TLS and certificate management

          • Major - Major loss of function.
          • Resolved
          is fixed by

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-5968 Add standard HTTP security headers

          • Major - Major loss of function.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-5587 Implement HPKP header

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-5968 Add standard HTTP security headers

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NIFI-6094 Add X-Content-Type-Options header

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              thenatog Nathan Gough
              alopresto Andy LoPresto
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: