close

Filter

loading table of contents...

Release Notes / Version 10.2101

Table Of Contents

HTTP Strict-Transport-Security response header is not set by Apache anymore

The Apache that is deployed and configured by the provided Chef deployment was always setting the HTTP Strict-Transport-Security response header for HTTP and HTTPS requests. The HTTP Strict-Transport-Security header is not needed for HTTP requests and for HTTPS requests it was set twice, with different values, which leads to undefined behavior. As the CAE always sets the HTTP Strict-Transport-Security header (only) when it's actually required, it has been disabled in the Apache configuration.

(CMS-16146)

Search Results

Table Of Contents