Deprecate HPKP security header #10144
Labels
in: web
An issue in web modules (web, webmvc)
status: ideal-for-contribution
An issue that we actively are looking for someone to help us with
type: enhancement
A general enhancement
Milestone
Related #4261
Expected Behavior
Since the
HPKP
HeaderSupport has been deprecated by the browsers in order to supportExpect-CT
security header, we should deprecate its DSL.Current Behavior
Spring Security project supports
Public-Key-Pins
header.Reference
https://scotthelme.co.uk/hpkp-is-no-more/
https://scotthelme.co.uk/a-new-security-header-expect-ct/
The text was updated successfully, but these errors were encountered: