[
https://issues.apache.org/jira/browse/SHIRO-740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Francois Papon resolved SHIRO-740.
----------------------------------
Resolution: Resolved
> SslFilter with HTTP Strict Transport Security (HSTS)
> ----------------------------------------------------
>
> Key: SHIRO-740
> URL: https://issues.apache.org/jira/browse/SHIRO-740
> Project: Shiro
> Issue Type: Improvement
> Reporter: Francois Papon
> Assignee: Francois Papon
> Priority: Minor
> Fix For: 2.0.0, 1.7.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> HTTP Strict Transport Security (HSTS) would be a nice addition for all the
> SSL only sites out there. I think in recent years more and more pages have
> gone full SSL, with good reasons to do so. It is a bit problematic with
> SslFilter since this one is path based. If you go HSTS then everything on the
> site uses https. This might break thinks if you have a path with ssl and one
> without. You can do that with shiro but not with HSTS.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
