How can I do the right thing with HTTP Strict Transport Security in the Drupal-based Apigee Developer Portal?

By "do the right thing", I mean I want to issue the HSTS header appropriately.

This is an Apigee-hosted Developer Portal site, hosted at Pantheon.

There is a doc from Pantheon here: https://pantheon.io/docs/hsts/

Is that the correct configuration?

Is there anything else I should know?

Will there be any effect on the Smartdocs modules?

@Anil Sagar, I'm hoping you have a viewpoint.

1 REPLY

Nope, there's nothing else. You can rely on the HSTS module.

OK, here's what I did.

Relying on this reference page, I followed these steps:

  1. Visit the download page for the HSTS module, and download it.
  2. Then, unzip and install it:

    $ cd ~/dev/devportals/my-site/sites/all/modules
    $ unzip -d contrib  ~/Downloads/hsts-7.x-1.2.zip 
    $ git pull
    Already up-to-date.
    
    $ git add contrib/hsts
    
    $ git commit -m "install HSTS module" 
    $ git push 
    
    
  3. Then, log in to the Drupal site
  4. Enable the module by visiting /admin/modules and clicking the slider for HSTS
  5. In the Drupal site, visit /admin/config/security/hsts
  6. From that page, turn on HSTS, and set the Max Age to 15552000
  7. Save
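
One way to check the result of the steps above, as an added example (not part of the original post or of the HSTS module): it parses a Strict-Transport-Security header value following RFC 6797 and compares max-age with the 15552000 set in step 6. The function names and the sample header values are constructed for illustration.

```python
# Added example: validate a Strict-Transport-Security header value (RFC 6797).
EXPECTED_MAX_AGE = 15552000  # the Max Age entered at /admin/config/security/hsts

def parse_hsts(value):
    """Return a dict of directives, or None if a browser would ignore the header."""
    directives = {}
    # Splitting on ";" is enough here: the directives checked never contain one.
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives (stray semicolons)
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip()
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1]  # a value may be given as a quoted-string
        if name in directives:
            return None  # a repeated directive makes the whole header invalid
        directives[name] = val if sep else True
    max_age = directives.get("max-age")
    if not isinstance(max_age, str) or not (max_age.isascii() and max_age.isdigit()):
        return None  # max-age is required and must be a non-negative integer
    directives["max-age"] = int(max_age)
    return directives

def check_hsts(value, expected=EXPECTED_MAX_AGE):
    """Classify a header value as 'ok', 'too-short', 'disabled' or 'invalid'."""
    parsed = parse_hsts(value)
    if parsed is None:
        return "invalid"
    if parsed["max-age"] == 0:
        return "disabled"  # max-age=0 tells the browser to drop the policy
    if parsed["max-age"] < expected:
        return "too-short"
    return "ok"

if __name__ == "__main__":
    # Constructed sample values, not captured from a real site.
    for sample in ("max-age=15552000",
                   'Max-Age="15552000"; includeSubDomains',
                   "max-age=3600",
                   "max-age=0",
                   "includeSubDomains",
                   "max-age=15552000; max-age=300"):
        print(f"{check_hsts(sample):10} {sample}")
```

The value to check is the header returned over HTTPS (for example from `curl -sI`); browsers ignore this header when it arrives over plain HTTP.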