Re: [keycloak-dev] Enable SSL by default
+1 on enforcing it. Do we have any plans around HSTS? Or this is
something that sysadmins should configure into their servers?
On 2014-07-31, Stian Thorgersen wrote:
To make sure no-one goes of and uses Keycloak in production without
HTTPS we should require SSL by default. To still allow developers to play with Keycloak
without having to configure HTTPS first we should allow non-HTTPS if accessed via
localhost only.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
abstractj
PGP: 0x84DC9914