This repository was archived by the owner on Jan 8, 2024. It is now read-only.
This repository was archived by the owner on Jan 8, 2024. It is now read-only.
Encourage HSTS in SDK #16
Description
HTTP Strict Transport Security concept should be implemented for all client APIs
This means that no request should never be sent from the client
to the server without TLS (not even the initial request).
Only exception is if the user/admin explicitly indicates so (e.g., running client in secured cluster)
Multiple bold warnings need to be added in the specifications and wiki to warn the user of using it outside of secure environments