Skip to content

Deprecate HPKP security header #10144

New issue
New issue
Closed
Closed
Deprecate HPKP security header#10144
Assignees
marcusdacoregio
Labels
in: webAn issue in web modules (web, webmvc)status: ideal-for-contributionAn issue that we actively are looking for someone to help us withtype: enhancementA general enhancement
Milestone
5.8.0-RC1
@jiheon-dev

Description

@jiheon-dev
jiheon-dev
opened on Jul 28, 2021

Related #4261

Expected Behavior

Since the HPKP HeaderSupport has been deprecated by the browsers in order to support Expect-CT security header, we should deprecate its DSL.

Current Behavior

Spring Security project supports Public-Key-Pins header.

Reference

https://scotthelme.co.uk/hpkp-is-no-more/
https://scotthelme.co.uk/a-new-security-header-expect-ct/

Metadata

Metadata

Assignees

Labels

in: webAn issue in web modules (web, webmvc)status: ideal-for-contributionAn issue that we actively are looking for someone to help us withtype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions