Allow to configure max-age for HSTS(HTTP Strict Transport Security)
HSTS is helpful to bring more protection to users, but on the other
hand, it locks down users to use HTTPS only until max-age expires. To
enable HSTS, admins must enable enforce-ssl option and set non-zero
value to hsts-max-age-seconds explicitly.
Reviewed: https:/ /review. openstack. org/511898 /git.openstack. org/cgit/ openstack/ charm-openstack -dashboard/ commit/ ?id=1d45c57fd27 b1049e5663b6814 ded08a52cbf3a4
Committed: https:/
Submitter: Zuul
Branch: master
commit 1d45c57fd27b104 9e5663b6814ded0 8a52cbf3a4
Author: Nobuto Murata <email address hidden>
Date: Fri Oct 13 10:53:09 2017 -0400
Allow to configure max-age for HSTS(HTTP Strict Transport Security)
HSTS is helpful to bring more protection to users, but on the other age-seconds explicitly.
hand, it locks down users to use HTTPS only until max-age expires. To
enable HSTS, admins must enable enforce-ssl option and set non-zero
value to hsts-max-
Content Security Policy (CSP) is not enabled this time. Horizon upstream /bugs.launchpad .net/horizon/ +bug/1618024
may need some work: https:/
Change-Id: I7fd774ba9a1c29 2d51625d6d36a08 6b2a531ae75
Partial-Bug: #1713202