Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
See what Drew Clarke has to say about the Qlik Talend Cloud launch! READ THE BLOG
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
tevkar1
Contributor III
Contributor III
‎2024-04-29 06:12 AM

Qlik Web Connector - HSTS configuration

Hi,

We have a Qlik Web Connector running June 2023 edition. We want to enable HSTS policy so that it applies only to the machine itself:

 

Strict-Transport-Security:  max-age=31536000

 

 

When I enable HSTS via the <RequireHSTS> directive at deploy.config, HSTS is enabled for subdomains as well:

 

$ curl -s -D- https://xxxx.xxxx.xxxx
....
Server: Microsoft-HTTPAPI/2.0
X-Content-Type-Options: nosniff
x-frame-options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
....

 

 

Is it possible to override that behaviour ?

Kind regards

 

Labels (1)
Labels
225 Views
1 Solution

Accepted Solutions
Sebastian_Linser
Support
Support
‎2024-04-29 01:11 PM

@tevkar1 Unfortunatelly you can't configure it further as of now. Please raise a feature request with Qlik.

https://community.qlik.com/t5/Official-Support-Articles/How-To-Submit-an-Idea-or-Propose-and-Improve...

 

It could be either for a custom header, so you can just add your own, or a second version of HSTS without the IncludeSubdomain option.

best regards

Sebastian

Help users find answers! Don't forget to mark a solution that worked for you! 🙂

View solution in original post

189 Views
0 Likes
1 Reply
Sebastian_Linser
Support
Support
‎2024-04-29 01:11 PM

@tevkar1 Unfortunatelly you can't configure it further as of now. Please raise a feature request with Qlik.

https://community.qlik.com/t5/Official-Support-Articles/How-To-Submit-an-Idea-or-Propose-and-Improve...

 

It could be either for a custom header, so you can just add your own, or a second version of HSTS without the IncludeSubdomain option.

best regards

Sebastian

Help users find answers! Don't forget to mark a solution that worked for you! 🙂
190 Views
0 Likes