Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add native support for HTTP Strict Transport Security (HSTS) #22612

Closed
DartBot opened this issue Mar 1, 2015 · 2 comments
Closed

Add native support for HTTP Strict Transport Security (HSTS) #22612

DartBot opened this issue Mar 1, 2015 · 2 comments
Labels
area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. closed-obsolete Closed as the reported issue is no longer relevant library-io needs-info We need additional information from the issue author (auto-closed after 14 days if no response) type-enhancement A request for a change that isn't a bug

Comments

@DartBot
Copy link

DartBot commented Mar 1, 2015

This issue was originally filed by @Emasoft

Dart currently lacks native support for HTTP Strict Transport Security (HSTS). This is an essential security feature of any modern web development platform.
It should be implemented as part of the standard framework, in a usable and easy to enable way. With no dependency on third party libraries or tools.
@sethladd
Copy link
Contributor

sethladd commented Mar 1, 2015

cc @sgjesse.
cc @anders-sandholm.
Added Area-Library, Library-IO, Triaged labels.

@sgjesse
Copy link
Contributor

sgjesse commented Mar 2, 2015

HSTS on the server side is a matter of setting the header Strict-Transport-Security. The dart:io HttpServer have the defaultResponseHeaders property which can be used to set headers added to all responses. E.g.

  HttpServer server;
  ...
  server.defaultResponseHeaders.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains')

Is there anything else that is missing to support HSTS?

Added NeedsInfo label.

@DartBot DartBot added Type-Enhancement area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. library-io needs-info We need additional information from the issue author (auto-closed after 14 days if no response) labels Mar 2, 2015
@kevmoo kevmoo added type-enhancement A request for a change that isn't a bug and removed priority-unassigned labels Mar 1, 2016
@matanlurey matanlurey added the closed-obsolete Closed as the reported issue is no longer relevant label Jun 25, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. closed-obsolete Closed as the reported issue is no longer relevant library-io needs-info We need additional information from the issue author (auto-closed after 14 days if no response) type-enhancement A request for a change that isn't a bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@sethladd @kevmoo @matanlurey @sgjesse @DartBot