[
https://issues.apache.org/jira/browse/SOLR-15578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17552630#comment-17552630
]
Jan Høydahl commented on SOLR-15578:
------------------------------------
Looks pretty simple:
[https://backstage.forgerock.com/docs/idm/7/security-guide/strict-transport-security.html]
(Add a child xml tag to the SecureRequestCustomizer in
server/etc/jetty-ssl.xml). We could leave a commented line in the file so all
they need to do is uncomment. Or perhaps it is easy to make it conditional on a
SysProp - don't know the jetty config capabilities well enough.
> Add Support for HSTS Security Protocol
> --------------------------------------
>
> Key: SOLR-15578
> URL: https://issues.apache.org/jira/browse/SOLR-15578
> Project: Solr
> Issue Type: Improvement
> Components: Server, v2 API
> Affects Versions: 9.0
> Reporter: Marcus Eagan
> Priority: Major
> Time Spent: 2h
> Remaining Estimate: 0h
>
> A committer raised the idea of a supporting HSTS protocol and I think it is a
> good idea. We can add it somewhat easily as an option.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
