New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[management-api] Allow management-api to use HTTPS without HSTS header. #1459

Closed
MiguelTVMS opened this Issue Aug 30, 2018 · 0 comments

Comments

Projects
None yet
4 participants
@MiguelTVMS

MiguelTVMS commented Aug 30, 2018

The user should be able to us the management api and management ui in the same DNS using only different ports.

Expected Behavior

Being able to disable the HSTS header in the management API.

Current Behavior

When you set the management API to run on HTTPS it enables the HSTS header, and there's no way to disable it.

Possible Solution

Adding some setting on the management api https settings allowing the user the disable the HSTS header. Or even better, allow the user the configure this header.

Steps to Reproduce (for bugs)

  1. Make the management api run with HTTPS enabled in a custom DNS on any port.
  2. Make the management UI run in the same custom DNS on other port.
  3. Just after the first hit from the UI to the API everything stop working.

Context

I'm trying the use the same DNS for the management-ui and management-api only changing the ports.

Your Environment

  • Version used: v.1.18.2
  • Operating System and version: Your docker images.

brasseld added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Sep 6, 2018

@brasseld brasseld self-assigned this Sep 6, 2018

@brasseld brasseld added this to the 1.19.0 milestone Sep 6, 2018

@brasseld brasseld changed the title from Allow management-api to use HTTPS without HSTS header. to [management-api] Allow management-api to use HTTPS without HSTS header. Sep 7, 2018

NicolasGeraud added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Sep 8, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment