Hello,
I am having trouble with getting HSTS to work after an upgrade to Confluence 7.13.2
Did anything change in the way I configure HSTS for a standalone Tomcat?
Here are the relevant parts of my web.xml:
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
But when I reach the Website vi an IP-address (which is not part of its certificate) I can still add an exception and proceed?
There isnt much else I can do but to restart confluence. I know these modifications worked in a previous version....
Am I missing something here?
Regards
FSeifer
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.