[ https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058500#comment-15058500 ]
Jacques Le Roux edited comment on OFBIZ-6766 at 12/15/15 6:39 PM: ------------------------------------------------------------------ strict-transport-security (hst header) was done with r1719660 and "blockContentTypeSniffingEnabled" (aka "x-content-type-options", "nosniff") was already done with r1719939 (sorry it's maybe hard to follow the commits flow because I have to test different strategies) BTW, this is a WIP, I know there are still some weak parts I don't want to disclose, please be patient :) was (Author: jacques.le.roux): strict-transport-security (hst header) was done with r1719660 and "blockContentTypeSniffingEnabled" (aka "x-content-type-options", "nosniff") was already done with r1719939 (sorry it's maybe hard to follow the commits flow because I have to test different strategies) BTW, this is a WIP, I know there are still some weak parts, please be patient :) > Secure HTTP headers > ------------------- > > Key: OFBIZ-6766 > URL: https://issues.apache.org/jira/browse/OFBIZ-6766 > Project: OFBiz > Issue Type: Sub-task > Components: framework > Affects Versions: Trunk > Reporter: Jacques Le Roux > Assignee: Jacques Le Roux > Fix For: Upcoming Branch > > > I have created a wiki page for this > https://cwiki.apache.org/confluence/display/OFBIZ/How+to+Secure+HTTP+Headers -- This message was sent by Atlassian JIRA (v6.3.4#6332)