|Summary:||Implement RFC 6797 HTTP Strict Transport Security (HSTS)|
|Product:||Apache httpd-2||Reporter:||Takashi Sato <takashi.asfbugzilla>|
|Component:||mod_ssl||Assignee:||Apache HTTPD Bugs Mailing List <bugs>|
Description Takashi Sato 2013-05-02 03:32:51 UTC
Of course, admins can enable HSTS with mod_headers, for example: Header set Strict-Transport-Security "max-age=86400; includeSubDomains" but admins have to know the specification detail. Implementing it makes it easy to HSTS-ize.
Comment 1 Matafagafo 2014-11-12 12:37:09 UTC
If I not wrong, this is the only way to have HSTS enabled in APR, I'm correct ? If it's true, this become much more important, correct ?
Comment 2 Jeff Trawick 2014-11-12 12:43:37 UTC
>have HSTS enabled in APR What is "APR" here? (This issue is not applicable to Apache Portable Runtime -- libapr)
Comment 3 Matafagafo 2014-11-12 12:57:19 UTC
(In reply to Jeff Trawick from comment #2) > >have HSTS enabled in APR > > What is "APR" here? (This issue is not applicable to Apache Portable > Runtime -- libapr) You're right, with APR I mean Apache Portable Runtime, so, I'm sorry for the bug spam. And thanks for your response.
Comment 4 Joe Orton 2021-03-09 16:32:54 UTC
Patches welcome I guess, but given none are forthcoming in 8 years, I'm guessing nobody sees this as a pressing need.