Article Details
| Id: | 18150 |
| Product: | finPOWER Connect Cloud |
| Type: | NEW |
| Version: | 3.04.00.28 |
| Opened: | 04/05/2021 |
| Closed: | 06/05/2021 |
| Released: | 01/07/2021 |
| Job: | J026499 |
HTTP Header "Strict-Transport-Security" now set when not configured to "Allow HTTP Access"
When finPOWER Connect Cloud is not configured to "Allow HTTP Access", as it should be in any production environment, an HTTP Header "Strict-Transport-Security" (HSTS) is now sent.
This header instructs browsers to not allow any unsecure requests to the same domain for 1 year.
When testing in a non-production environment, HSTS can be cleared as detailed in this blog:https://www.thesslstore.com/blog/clear-hsts-settings-chrome-firefox/