[keycloak-dev] Enable SSL by default
Bruno Oliveira
bruno at abstractj.org
Thu Jul 31 06:11:44 EDT 2014
+1 on enforcing it. Do we have any plans around HSTS? Or this is
something that sysadmins should configure into their servers?
On 2014-07-31, Stian Thorgersen wrote:
> To make sure no-one goes of and uses Keycloak in production without HTTPS we should require SSL by default. To still allow developers to play with Keycloak without having to configure HTTPS first we should allow non-HTTPS if accessed via localhost only.
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
abstractj
PGP: 0x84DC9914
More information about the keycloak-dev
mailing list