This repository was archived by the owner on Jan 7, 2020. It is now read-only.

HTTP Strict Transport Security (HSTS) is not implemented #808

@cwjohnston

Expected Behavior

Uchiwa supports HTTP Strict Transport Security (HSTS) as a mechanism for protecting against protocol downgrade attacks and cookie hijacking.

Current Behavior

Uchiwa does not implement the HSTS policy mechanism.

Context

Lack of HSTS headers over HTTPS connections leaves Uchiwa instances vulnerable to protocol downgrade attacks and cookie hijacking.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security for reference.

Your Environment

  • Uchiwa version used: 1.3.1
  • Sensu version used:
  • Operating System and version (e.g. Ubuntu 14.04):
