Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-18030

support HSTS (HTTP Strict Transport Security)

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • P3: Somewhat important
    • 5.9
    • None
    • Network

    Description

      A server using HSTS sends a HTTP header (Strict-Transport-Security), and a time for which this header is valid (similar to a cache max-age attribute). Within that time, requests to the server should use https automatically, and not connect to the http version first and get a redirect to the https site. Second, it will turn all insecure links to secure links. Third, a user-agent complying to HSTS will not allow the user to proceed loading a web site upon SSL errors (e.g. certificate expired).
      E.g. paypal.com is already supporting this, so are Google Chrome and Firefox in recent versions.

      Attachments

        Issue Links

          relates to

          Suggestion - Public suggestions QTBUG-19143 HSTS

          • P3: Somewhat important - Should be fixed, but doesn't affect the release in any way.
          • Closed
          replaces

          Suggestion - Public suggestions QTBUG-19143 HSTS

          • P3: Somewhat important - Should be fixed, but doesn't affect the release in any way.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              peter-har Peter Hartmann
              phartman Peter Hartmann (closed Nokia identity) (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes