KNOX-3113: Changed the default HSTS header for global config, skips c… #1008

hanicz · 2025-03-26T09:40:38Z

…opying the HSTS header if its already set

What changes were proposed in this pull request?

KNOX-3111 introduced a bug. If the global settings for HSTS is set and the topology wide setting is disabled the HSTS header is duplicated in case the proxied service also adds its own header. This PR adds verification to the response header copy method that checks whether this header is already set or not.

Also added includeSubDomains to the default global setting.

How was this patch tested?

New unit tests
Manually tests

…opying the HSTS header if its already set

moresandeep

looks good

…opying the HSTS header if its already set (apache#1008)

KNOX-3113: Changed the default HSTS header for global config, skips c…

8e2e1ba

…opying the HSTS header if its already set

moresandeep approved these changes Mar 26, 2025

View reviewed changes

pzampino approved these changes Mar 26, 2025

View reviewed changes

moresandeep merged commit 21aaa2d into apache:master Mar 27, 2025
2 checks passed

moresandeep pushed a commit to moresandeep/knox that referenced this pull request Mar 31, 2025

KNOX-3113: Changed the default HSTS header for global config, skips c…

1ffbada

…opying the HSTS header if its already set (apache#1008)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

KNOX-3113: Changed the default HSTS header for global config, skips c… #1008

KNOX-3113: Changed the default HSTS header for global config, skips c… #1008

hanicz commented Mar 26, 2025

moresandeep left a comment

KNOX-3113: Changed the default HSTS header for global config, skips c… #1008

KNOX-3113: Changed the default HSTS header for global config, skips c… #1008

Conversation

hanicz commented Mar 26, 2025

What changes were proposed in this pull request?

How was this patch tested?

moresandeep left a comment

Choose a reason for hiding this comment