View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0012881 | mantisbt | security | public | 2011-03-25 06:33 | 2016-09-05 01:19 |
Reporter | dhx | Assigned To | dhx |
Priority | normal | Severity | major | Reproducibility | N/A |
Status | closed | Resolution | fixed |
Product Version | 1.2.15 |
Target Version | 1.3.0-beta.1 | Fixed in Version | 1.3.0-beta.1 |
Summary | 0012881: Add support for Strict-Transport-Security header |
Description | When a MantisBT session is loaded in a secure browser session, tell the user's browser to always use a secure connection on future visits. See http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security for a full description of what this HTTP header achieves. |
Tags | No tags attached. |
MantisBT: master 583cdbd8 2011-03-25 06:28
Issue 0012881: Support Strict-Transport-Security header
See http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security for a full description of what this header achieves.
Affected Issues 0012881
mod - core/http_api.php
MantisBT: master-1.3.x 2e7fac44 2016-09-01 06:30 Committer: vboctor
Do not set HSTS header
Enabling HTTP Strict-Transport-Security should be a decision made by the system administrator, and implemented at server level, probably site-wide and not just for MantisBT's PHP files.
Furthermore, Mantis setting this header causes issues if it is already set for the server (invalid header), and may have unwanted side effects as described in 0021262.
This reverts the change implemented to resolve issue 0012881.
Fixes 0021262
Affected Issues 0012881, 0021262
mod - core/http_api.php
MantisBT: master 968f83a9 2016-09-01 06:30 Committer: vboctor
Do not set HSTS header
Enabling HTTP Strict-Transport-Security should be a decision made by the system administrator, and implemented at server level, probably site-wide and not just for MantisBT's PHP files.
Furthermore, Mantis setting this header causes issues if it is already set for the server (invalid header), and may have unwanted side effects as described in 0021262.
This reverts the change implemented to resolve issue 0012881.
Fixes 0021262
Affected Issues 0012881, 0021262
mod - core/http_api.php
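
The revert above cites the header being set twice, once by the server and once by the application. The following is an added example, not MantisBT code: a check an administrator could run over captured response headers to confirm the policy is sent exactly once and is well-formed per RFC 6797. The function name `audit_hsts` and the sample header lists are hypothetical and constructed for illustration.

```python
import re

# Added example: audit the Strict-Transport-Security fields of one response.
# RFC 6797: max-age is required, a directive may appear only once, and a
# browser that receives several STS fields processes only the first.
_MAX_AGE = re.compile(r'^"?(\d+)"?$')

def audit_hsts(headers):
    """headers: list of (name, value) pairs as received, duplicates preserved.
    Returns a list of findings; an empty list means the policy is well-formed."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return ["no Strict-Transport-Security header"]
    findings = []
    if len(values) > 1:
        findings.append(f"{len(values)} STS headers sent; only the first is processed")
    seen = {}
    for part in values[0].split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()
        if name in seen:
            findings.append(f"directive '{name}' repeated")
        seen[name] = val.strip()
    if "max-age" not in seen:
        findings.append("max-age directive missing")
    elif not _MAX_AGE.match(seen["max-age"]):
        findings.append("max-age is not a non-negative integer")
    elif int(_MAX_AGE.match(seen["max-age"]).group(1)) == 0:
        findings.append("max-age=0 tells the browser to drop the HSTS policy")
    return findings

# Constructed sample: the web server and the application both add the header.
DOUBLE_SET = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Strict-Transport-Security", "max-age=7776000"),
]
# Constructed sample: header set once, at server level.
SERVER_ONLY = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

if __name__ == "__main__":
    print(audit_hsts(DOUBLE_SET))
    print(audit_hsts(SERVER_ONLY))
```

A proxy that folds the two fields into one comma-joined value is also flagged, because the merged `max-age` value no longer parses as an integer.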