[jira] [Commented] (OFBIZ-11717) Clean how HTTP vs HTTPS is handled

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-11717?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17112059#comment-17112059 ]

ASF subversion and git services commented on OFBIZ-11717:
---------------------------------------------------------

Commit 32a71c9af4a8fee8183ddee7eb4599e8854ce32b in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=32a71c9 ]

Improved: Clean how HTTP vs HTTPS is handled

(OFBIZ-11717)

No functional changes, just better comments


> Clean how HTTP vs HTTPS is handled
> -----------------------------------
>
>                 Key: OFBIZ-11717
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11717
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ALL COMPONENTS
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>
> To sum up, for a start:
> We now use [HSTS|https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.md] and we have the http.request-map.list for the requests which should be sent not secured.
> So the https attribute of the request-map->security elements, which is false by default, no longer makes any sense.
> My intention is to remove it, but it hides a number of other things. So we need to be careful. For instance, OFBIZ-11643 was a 1st aborted attempt. And anyway this is not security related, so this is not an OFBIZ-1525 subtask.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)