How does ManageIQ handles HSTS? #21911
Replies: 2 comments 2 replies
-
I'm not sure we do, because from what I understand this is more of a domain thing, and ManageIQ doesn't actually control the domain it's deployed from? Perhaps I'm misunderstand what HSTS does. That being said, all of our SSL stuff lives in the httpd configuration here (for appliances) and here (for podified). We don't use Rails for SSL, so that's why the Rails setting is disabled. @kbrock Do you know? |
Beta Was this translation helpful? Give feedback.
-
My understanding is this is a header that can be set in the apache config combined with redirecting all non-443 traffic to https. We already do the latter (https://github.com/ManageIQ/manageiq-appliance/blob/master/COPY/etc/httpd/conf.d/manageiq-http.conf#L11-L16) |
Beta Was this translation helpful? Give feedback.
-
How does ManageIQ handles HSTS? I couldn't find any reference to it in any place, even the official documentation.
About HSTS (HTTP Strict Transport Security):
https://datatracker.ietf.org/doc/html/rfc6797
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Beta Was this translation helpful? Give feedback.
All reactions