[
https://issues.apache.org/jira/browse/KNOX-3111?focusedWorklogId=962737&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-962737
]
ASF GitHub Bot logged work on KNOX-3111:
----------------------------------------
Author: ASF GitHub Bot
Created on: 20/Mar/25 13:09
Start Date: 20/Mar/25 13:09
Worklog Time Spent: 10m
Work Description: pzampino commented on PR #1007:
URL: https://github.com/apache/knox/pull/1007#issuecomment-2740404568
> > How does this affect behavior when topology-level config exists for the
same?
>
> If both are enabled and there is a request for that specific topology the
WebAppSec configuration will take precedence.
Is there a test for that?
Issue Time Tracking
-------------------
Worklog Id: (was: 962737)
Time Spent: 0.5h (was: 20m)
> HSTS headers are missing for 404 responses
> ------------------------------------------
>
> Key: KNOX-3111
> URL: https://issues.apache.org/jira/browse/KNOX-3111
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 2.2.0
> Reporter: Tamás Hanicz
> Assignee: Tamás Hanicz
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Strict-Transport-Security header is missing for 404 responses. The
> "strict.transport.enabled" configuration is set in the WebAppSec provider
> topology wide. To include the header on 404 as well jetty has to be
> configured with a custom handler. However this is a global configuration
> which would mean every response will include this header.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
