HTTP Strict Transport Security (HSTS) header support does not conform to spec #2122
Labels: 3 - in progress (someone is working on this ticket); t:core (issues related to the akka-http-core module)
HSTS support in akka-http does not conform to the spec:
See below for a summary of the HSTS header definition.
HSTS header definition
The HSTS spec, Section 6 defines the HSTS header value through the following ABNF syntax:
From the ABNF spec, Section 2, the following parts are relevant:
Thus, the HSTS header value syntax can be rewritten to
In words, this means the value of the HSTS header has
In addition to this syntax, the HSTS spec, Section 6.1 imposes some requirements, summarized below insofar as relevant to this issue:
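As an added illustration (not akka-http code and not part of the original issue), here is a small Python parser for the HSTS header value following the directive grammar and requirements of RFC 6797, Section 6.1. The name `parse_hsts`, the return shape, and the choice to reject an `includeSubDomains` that carries a value are assumptions made for this example.

```python
import re

# token / quoted-string from the HTTP grammar that RFC 6797 builds on.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
# One "[ directive ]" slot followed by ";" or end of value; optional
# whitespace is tolerated around names, "=" and ";".
SLOT = re.compile(
    rf"[ \t]*(?:({TOKEN})[ \t]*(?:=[ \t]*({TOKEN}|{QUOTED}))?)?[ \t]*(;|\Z)"
)


def parse_hsts(value):
    """Return {'max_age': int, 'include_subdomains': bool}, or None when the
    value does not conform and the header should be ignored."""
    seen = {}
    pos = 0
    while True:
        m = SLOT.match(value, pos)
        if m is None:
            return None  # not a directive list at all
        name, raw, sep = m.groups()
        if name is not None:  # empty slots such as ";;" are legal
            key = name.lower()  # directive names are case-insensitive
            if key in seen:
                return None  # every directive may appear only once
            if raw is not None and raw.startswith('"'):
                # strip the quotes and undo quoted-pair escapes
                raw = re.sub(r"\\(.)", r"\1", raw[1:-1])
            seen[key] = raw
        pos = m.end()
        if sep == "":
            break  # reached the end of the value
    age = seen.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return None  # max-age is REQUIRED and must be delta-seconds
    if seen.get("includesubdomains") is not None:
        return None  # includeSubDomains is valueless (strict choice here)
    # Directives that are not recognized stay in `seen` but are ignored.
    return {"max_age": int(age),
            "include_subdomains": "includesubdomains" in seen}


if __name__ == "__main__":
    # Constructed sample values, not taken from the issue.
    for sample in ('max-age=31536000; includeSubDomains', 'MAX-AGE="0"',
                   'max-age=1; max-age=2', 'includeSubDomains'):
        print(repr(sample), "->", parse_hsts(sample))
```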