Puppet / PUP-11003

HSTS support for puppet server

Details

    • Improvement
    • Status: Closed
    • Normal
    • Resolution: Won't Do
    • None
    • None
    • Networking
    • None
    • RHEL 7 (x86_64)
    • Needs Assessment

    Description

      Puppet Version: 5.5.8
      Puppet Server Version: 5.3.6
      OS Name/Version: Linux (RHEL7)

      For FedRAMP certification for use in a FedRAMP environment, the server needs to conform to the HTTP Strict Transport Security (HSTS) web server policy. This configuration is not present in the current code base.

      Desired Behavior:

      Should produce a Strict-Security header like so:

      Strict-Security: max-age=31536000; includeSubDomains;

      Actual Behavior:

      No Strict-Security header is present in server responses.

       


          People

            Unassigned Unassigned
            jeffatrave Jeffrey Buchbinder
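A check for the policy this ticket requests, written as an added example (not part of the ticket and not Puppet code). It matches the `Strict-Transport-Security` field name from RFC 6797, so a response carrying the policy under any other field name is reported as missing; the function names, the one-year threshold and the sample responses are assumptions.

```python
import re

HSTS_FIELD = "strict-transport-security"  # field name defined by RFC 6797
MIN_MAX_AGE = 31536000                    # one year, the value the ticket asks for (assumed threshold)
def parse_hsts(value):
    """Parse an HSTS field value into {directive: value or None}; ValueError if malformed."""
    directives = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        name, val = name.strip().lower(), val.strip()  # directive names are case-insensitive
        if not name:  # empty directive, e.g. after a trailing ';', is allowed
            continue
        if len(val) >= 2 and val[0] == val[-1] == '"':  # quoted-string form of a value
            val = val[1:-1]
        if name in directives:  # each directive may appear only once
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = val if sep else None
    return directives

def audit_hsts(headers, min_max_age=MIN_MAX_AGE, require_subdomains=True):
    """Return findings for a list of (name, value) response headers; [] means compliant."""
    values = [v for k, v in headers if k.strip().lower() == HSTS_FIELD]
    if not values:
        return ["missing Strict-Transport-Security header"]
    findings = []
    if len(values) > 1:
        findings.append("multiple HSTS headers; clients process only the first")
    try:
        d = parse_hsts(values[0])
    except ValueError as exc:
        return findings + [f"malformed header: {exc}"]
    max_age = d.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        findings.append("max-age missing or not a non-negative integer")
    elif int(max_age) < min_max_age:
        findings.append(f"max-age {max_age} is below {min_max_age}")
    if require_subdomains and "includesubdomains" not in d:
        findings.append("includeSubDomains not set")
    return findings
# Constructed sample responses (not captured from a real Puppet Server).
SAMPLES = {
    "compliant": [("Strict-Transport-Security", "max-age=31536000; includeSubDomains;")],
    "no header": [("Content-Type", "application/json")],
    "short max-age": [("strict-transport-security", 'max-age="600"')],
}
if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", audit_hsts(hdrs) or "OK")
```

To audit a live server, pass the header pairs from an HTTPS response, for example `http.client.HTTPResponse.getheaders()`.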