How to enable HSTS (HTTP Strict Transport Security) in Red Hat OpenStack Platform
Issue
- Currently it is possible to enable SSL/TLS everywhere in your Overcloud by using the novajoin or tripleo-ipa methods.
- By default, if SSL is enabled in Horizon, the X-Forwarded-For header is set, but not the Strict-Transport-Security header that HSTS requires.
- HSTS (which operates at the browser level) is important to protect against downgrade attacks, man-in-the-middle attacks, and session hijacking. It does so by preventing the page from being loaded without HTTPS.
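To verify whether a Horizon response actually carries the Strict-Transport-Security header described above, the following added example (not Red Hat's or Horizon's code) parses the header's directives and reports gaps; the two header sets at the bottom are constructed, and the one-year max-age floor is an assumption, not a Red Hat value.

```python
# Added example (not Red Hat's or Horizon's code): audit a response's
# headers for the HSTS policy the article says Horizon omits by default.

# One year is the commonly recommended floor for max-age (assumption).
MIN_MAX_AGE = 31536000


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into a directive dict.
    Names are case-insensitive; max-age becomes int; None if malformed."""
    directives = {}
    for token in value.split(";"):
        token = token.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age":
            if not arg.isdigit():
                return None
            directives[name] = int(arg)
        else:
            directives[name] = arg or True
    return directives


def audit_hsts(headers):
    """Return a list of findings for a response header dict (empty = OK)."""
    lowered = {k.lower(): v for k, v in headers.items()}  # case-insensitive
    if "strict-transport-security" not in lowered:
        return ["missing Strict-Transport-Security header"]
    policy = parse_hsts(lowered["strict-transport-security"])
    if policy is None or "max-age" not in policy:
        return ["malformed HSTS header or no max-age directive"]
    findings = []
    if policy["max-age"] == 0:
        findings.append("max-age=0 disables HSTS for this host")
    elif policy["max-age"] < MIN_MAX_AGE:
        findings.append("max-age below %d seconds" % MIN_MAX_AGE)
    if "includesubdomains" not in policy:
        findings.append("includeSubDomains not set; subdomains unprotected")
    return findings


# Constructed sample header sets: Horizon's described default, and a fixed one.
HORIZON_DEFAULT = {"Content-Type": "text/html", "X-Forwarded-For": "10.0.0.5"}
HARDENED = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
```

Run `audit_hsts` against the headers of a real `curl -I https://<horizon-host>/` response to confirm the policy is present after enabling it.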
Environment
- Red Hat OpenStack Platform 13 (RHOSP 13)
- Red Hat OpenStack Platform 16 (RHOSP 16)