- 🇺🇸 United States pbabin
For those of you in Acquia Cloud Site Factory seeing this feature request, you can set a Strict-Transport-Security header using a factory hook and this won't be an issue.
Some hosts (such as Acquia) do not allow you to set HSTS headers with .htaccess or other Apache mechanisms. This means that the code needs to be responsible for setting it. Also, simplesamlphp is a supported SAML platform for Acquia.
Acquia recommends the use of the "Security Kit" module in order to set this. This has the benefit of setting it on every page on the site. However, because this module interrupts Drupal's bootstrapping, simplesamlphp_auth redirects you to the IdP before seckit has a chance to respond.
On any site with this module installed, enabled, and configured:
Note: If you want to confirm that seckit is not setting the HSTS headers, have that installed and configured first.
Provide an optional integration with the Security Kit module to set the HSTS headers, as well as any other relevant headers that Security Kit allows you to set.
Security Kit has a large installed base, and is one of Acquia's recommended modules to set HSTS.
[ ] Determine if this integration is worthwhile.
[ ] If it is worthwhile, what is the integration approach?
TBD - Depends on integration approach.
TBD - Depends on integration approach.
None expected.
Active
3.2
Code
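To confirm the behaviour this issue describes, the following added example (not code from simplesamlphp_auth, Security Kit, or Acquia) audits a captured response chain and reports every response that lacks a usable Strict-Transport-Security policy. The raw responses, the `idp.example.test` host, and the one-year `MIN_MAX_AGE` threshold are assumptions made for illustration.

```python
# Added example: audit a captured response chain for Strict-Transport-Security.
# The raw responses below are constructed; hostnames are placeholders.
import re

MIN_MAX_AGE = 31536000  # assumed policy threshold (one year), not from the page

def parse_response(raw):
    """Split a raw header block into (status_code, {lowercased-name: value})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        # Keep the first occurrence: only the first HSTS header field is honoured.
        headers.setdefault(name.strip().lower(), value.strip())
    return status, headers

def parse_hsts(value):
    """Return max-age in seconds, or None if the directive is missing or malformed."""
    for directive in value.split(";"):
        m = re.fullmatch(r'\s*max-age\s*=\s*"?(\d+)"?\s*', directive, re.IGNORECASE)
        if m:
            return int(m.group(1))
    return None

def audit_chain(raw_responses):
    """Return one finding per response that lacks a usable HSTS policy."""
    findings = []
    for raw in raw_responses:
        status, headers = parse_response(raw)
        where = headers.get("location", "(no redirect)")
        hsts = headers.get("strict-transport-security")
        if hsts is None:
            findings.append((status, where, "missing"))
            continue
        max_age = parse_hsts(hsts)
        if max_age is None or max_age < MIN_MAX_AGE:
            findings.append((status, where, "weak: " + hsts))
    return findings

# Constructed capture: the SAML redirect is sent before Security Kit runs,
# while an ordinary page served after full bootstrap carries the header.
SAML_REDIRECT = "HTTP/1.1 302 Found\nLocation: https://idp.example.test/sso\nCache-Control: no-cache"
NORMAL_PAGE = ("HTTP/1.1 200 OK\nContent-Type: text/html; charset=UTF-8\n"
               "Strict-Transport-Security: max-age=31536000; includeSubDomains")

if __name__ == "__main__":
    for finding in audit_chain([SAML_REDIRECT, NORMAL_PAGE]):
        print(finding)
```

In practice the header blocks would come from a saved capture of the login flow (for example, the output of `curl -sI` for each hop) rather than the constructed strings above.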