[
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058500#comment-15058500
]
Jacques Le Roux edited comment on OFBIZ-6766 at 12/15/15 6:39 PM:
------------------------------------------------------------------
strict-transport-security (hst header) was done with r1719660 and
"blockContentTypeSniffingEnabled" (aka "x-content-type-options", "nosniff") was
already done with r1719939 (sorry it's maybe hard to follow the commits flow
because I have to test different strategies)
BTW, this is a WIP, I know there are still some weak parts I don't want to
disclose, please be patient :)
was (Author: jacques.le.roux):
strict-transport-security (hst header) was done with r1719660 and
"blockContentTypeSniffingEnabled" (aka "x-content-type-options", "nosniff") was
already done with r1719939 (sorry it's maybe hard to follow the commits flow
because I have to test different strategies)
BTW, this is a WIP, I know there are still some weak parts, please be patient :)
> Secure HTTP headers
> -------------------
>
> Key: OFBIZ-6766
> URL: https://issues.apache.org/jira/browse/OFBIZ-6766
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Fix For: Upcoming Branch
>
>
> I have created a wiki page for this
> https://cwiki.apache.org/confluence/display/OFBIZ/How+to+Secure+HTTP+Headers
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
