Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Resolved
-
None
-
None
-
None
Description
HTTP Strict Transport Security (HSTS) would be a nice addition for all the SSL only sites out there. I think in recent years more and more pages have gone full SSL, with good reasons to do so. It is a bit problematic with SslFilter since this one is path based. If you go HSTS then everything on the site uses https. This might break thinks if you have a path with ssl and one without. You can do that with shiro but not with HSTS.
Attachments
Issue Links
- links to
