In order to tune HSTS per application requirements, users want better docs on HSTS tuning
Acceptance Criteria
WHEN I read [the HSTS docs](https://cloud.gov/docs/compliance/domain-standards/#hsts-preloading)
THEN I should see steps I need to take to override the defaults
WHEN I read [the HSTS docs](https://cloud.gov/docs/compliance/domain-standards/#hsts-preloading)
THEN I should see a caveat that overrides don't affect the http -> https redirect since the app is not consulted before redirecting
Security considerations
This should make it easier for users to comply with security and compliance guidance
Implementation sketch
This is a follow-up on cloud-gov/secureproxy-boshrelease#61
We should check our language in other places where we talk about headers we set, as well.