Heya, On 03.10.2012 10:48, Markus Lanthaler wrote: > I've just saw that the HTTP Strict Transport Security (HSTS) draft was > approved [1] and will soon be published as an official standard. Since > Symfony already provides a way to force the use of HTTPS [2] I thought it > might be a good idea to complement this with the "Strict-Transport-Security" > HTTP header. The spec [3] is quite long but the implementation would > actually quite easy. There's even sample code for PHP on Wikipedia [4].
Not sure if this belongs in core or not given the configuration requirements (it's not a simple on/off feature), but FYI the feature is provided by the NelmioSecurityBundle: https://github.com/nelmio/NelmioSecurityBundle#forced-httpsssl-handling Cheers -- Jordi Boggiano @seldaek - http://nelm.io/jordi -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
