How to enable HSTS (HTTP Strict Transport Security) in Red Hat OpenStack Platform

Solution Verified - Updated -

Issue

  • TLS can be enabled on every Overcloud endpoint (TLS everywhere) using either the novajoin or the tripleo-ipa method.
  • When SSL/TLS is enabled for Horizon, the X-Forwarded-For header is set by default, but the Strict-Transport-Security response header that carries the HSTS policy is not.
  • HSTS is enforced by the browser: once it has received the header over HTTPS, it rewrites plain-HTTP requests to that host to HTTPS for the advertised max-age and refuses to proceed past certificate errors. This protects against protocol downgrade attacks, man-in-the-middle attacks, and session hijacking via a leaked cookie, because the dashboard can never be loaded over plain HTTP.
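
The check below is an added example, not part of the Red Hat article and not Red Hat's own tooling. It reads the raw response headers of the Horizon dashboard (for example from `curl -sI`) and reports whether a Strict-Transport-Security header is present and whether its max-age is large enough to be useful, which is how you confirm the issue above before and after applying a fix. The Overcloud FQDN in the usage comment and the three sample responses are constructed assumptions; the first sample mirrors the article's description of Horizon with SSL enabled but no HSTS header.

```shell
#!/bin/sh
# Added example for this article (not Red Hat's code): verify whether the
# Horizon dashboard returns an HSTS policy and whether it is strong enough.
# Feed it the dashboard's response headers, for example:
#   curl -sI https://overcloud.example.com/dashboard/ | check_hsts
# (overcloud.example.com is an assumed name; use your Overcloud public endpoint).

# Minimum max-age accepted, in seconds: one year, the usual production value.
MIN_MAX_AGE=31536000

# check_hsts: read raw HTTP response headers from stdin, evaluate the
# Strict-Transport-Security header, print a verdict, return 0 (pass) or 1 (fail).
check_hsts() {
    # Header names are case-insensitive; strip the CR of HTTP line endings.
    hsts=$(tr -d '\r' | grep -i '^Strict-Transport-Security:' | head -n 1)
    if [ -z "$hsts" ]; then
        echo "FAIL: no Strict-Transport-Security header; HSTS is not enabled"
        return 1
    fi
    # Pull the digits of the max-age directive (directive names are case-insensitive).
    max_age=$(printf '%s\n' "$hsts" | sed -n 's/.*[Mm][Aa][Xx]-[Aa][Gg][Ee]=\([0-9][0-9]*\).*/\1/p')
    if [ -z "$max_age" ]; then
        echo "FAIL: HSTS header has no valid max-age directive: $hsts"
        return 1
    fi
    if [ "$max_age" -eq 0 ]; then
        echo "FAIL: max-age=0 tells browsers to forget the HSTS policy"
        return 1
    fi
    if [ "$max_age" -lt "$MIN_MAX_AGE" ]; then
        echo "FAIL: max-age=$max_age is shorter than $MIN_MAX_AGE seconds"
        return 1
    fi
    if printf '%s\n' "$hsts" | grep -qi 'includeSubDomains'; then
        echo "PASS: $hsts"
    else
        echo "PASS (note: policy does not cover subdomains): $hsts"
    fi
    return 0
}

# Constructed sample responses (not captured from a real Overcloud).
# sample_default mirrors the article's description: SSL on, no HSTS header.
# sample_hardened and sample_weak are hypothetical variants.
sample_default() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Type: text/html; charset=utf-8\r\n\r\n'
}
sample_hardened() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nContent-Type: text/html; charset=utf-8\r\n\r\n'
}
sample_weak() {
    printf 'HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=600\r\n\r\n'
}

# Run directly to see the verdicts for the three constructed samples.
sample_default  | check_hsts || true
sample_weak     | check_hsts || true
sample_hardened | check_hsts
```

Run it from the undercloud (or any host that can reach the Overcloud public VIP) after each deployment update; a PASS means the browser will pin the dashboard to HTTPS for the reported max-age. The directive the hardened sample checks for is the standard Apache mod_headers form, `Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"`; how it is injected into the Horizon vhost on RHOSP is the subscriber-only part of this article and is not reproduced here.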

Environment

  • Red Hat OpenStack Platform 13 (RHOSP 13)
  • Red Hat OpenStack Platform 16 (RHOSP 16)

Subscriber exclusive content
