Camunda Optimize / OPT-6724

Increase default HSTS header max age to 2 years

    • Task
    • Resolution: Fixed
    • L3 - Default
    • Fix Version/s: 3.10.0-alpha4, 3.9.4
    • backend

      As per INFOSEC-67, we should increase the default max age to 2 years rather than the existing one year. This is in line with recommended values.

      ATs:

      • The default value is set to 2 years in our config
      • The value can be overridden via environment variable
      • Our documentation is updated to reflect the change

      Testing notes:

      • The setting can be configured with env var: CAMUNDA_OPTIMIZE_SECURITY_RESPONSE_HEADERS_HSTS_MAX_AGE
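
One way to verify the acceptance criteria on a running instance is to check the header value the server actually sends. This is an added example, not code from the ticket or from Camunda Optimize. It assumes the Strict-Transport-Security value has already been read from an HTTPS response, the function names are hypothetical, and max-age is in seconds as defined by RFC 6797.

```python
import re

TWO_YEARS = 2 * 365 * 24 * 60 * 60  # 63072000 seconds, the target from this ticket
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # HTTP token characters


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns {lower-cased directive name: value or None}; raises ValueError on
    a malformed name or a repeated directive, which invalidates the header.
    """
    directives = {}
    # Splitting on ';' is enough for HSTS: none of its defined directives
    # carries a quoted value that contains a semicolon.
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar permits empty directives ("a=1;;b")
        name, sep, raw = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not _TOKEN.fullmatch(name):
            raise ValueError(f"bad directive name: {name!r}")
        if name in directives:
            raise ValueError(f"directive repeated: {name}")
        raw = raw.strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]  # max-age may be sent as a quoted-string
        directives[name] = raw if sep else None
    return directives


def meets_policy(value, minimum=TWO_YEARS):
    """True if the header is valid and max-age is at least `minimum` seconds."""
    max_age = parse_hsts(value).get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        raise ValueError("max-age is required and must be a non-negative integer")
    return int(max_age) >= minimum


if __name__ == "__main__":
    # Constructed sample header values, not captured from a real deployment.
    for sample in ("max-age=63072000; includeSubDomains", "max-age=31536000",
                   'MAX-AGE="63072000"'):
        print(f"{sample!r}: {meets_policy(sample)}")
```
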


            Joshua Windels created issue -
            Joshua Windels made changes -
            Link New: This issue is related to INFOSEC-67 [ INFOSEC-67 ]
            Joshua Windels made changes -
            Status Original: Triage [ 10612 ] New: Ready [ 10005 ]
            Joshua Windels made changes -
            Status Original: Ready [ 10005 ] New: In Development [ 10312 ]
            Joshua Windels made changes -
            Assignee Original: Joshua Windels [ joshua.windels ] New: Helene Waechtler [ helene.waechtler ]
            Status Original: In Development [ 10312 ] New: In Review [ 10212 ]
            Helene Waechtler made changes -
            Assignee Original: Helene Waechtler [ helene.waechtler ] New: Cigdem Ilhan [ cigdem.ilhan ]
            Status Original: In Review [ 10212 ] New: In Test [ 10004 ]
            Cigdem Ilhan made changes -
            Assignee Original: Cigdem Ilhan [ cigdem.ilhan ]
            Resolution New: Fixed [ 1 ]
            Status Original: In Test [ 10004 ] New: Done [ 10010 ]
            Joshua Windels made changes -
            Fix Version/s New: 3.10.0-alpha4 [ 17993 ]
            Joshua Windels made changes -
            Fix Version/s New: 3.9.4 [ 17996 ]
