[ https://issues.apache.org/jira/browse/SHIRO-740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Demers updated SHIRO-740: ------------------------------- Fix Version/s: (was: 1.6.1) > SslFilter with HTTP Strict Transport Security (HSTS) > ---------------------------------------------------- > > Key: SHIRO-740 > URL: https://issues.apache.org/jira/browse/SHIRO-740 > Project: Shiro > Issue Type: Improvement > Reporter: Francois Papon > Assignee: Francois Papon > Priority: Minor > Fix For: 2.0.0 > > Time Spent: 1h 10m > Remaining Estimate: 0h > > HTTP Strict Transport Security (HSTS) would be a nice addition for all the > SSL only sites out there. I think in recent years more and more pages have > gone full SSL, with good reasons to do so. It is a bit problematic with > SslFilter since this one is path based. If you go HSTS then everything on the > site uses https. This might break thinks if you have a path with ssl and one > without. You can do that with shiro but not with HSTS. -- This message was sent by Atlassian Jira (v8.3.4#803005)