Bug
The HTTP Strict Transport Security (HSTS) header is not present on 302 (redirect) responses for Portal for ArcGIS.
| Bug ID Number | BUG-000158917 |
|---|---|
| Submitted | June 7, 2023 |
| Last Modified | December 11, 2024 |
| Applies to | Portal for ArcGIS |
| Version found | 10.9.1 |
| Operating System | Windows Server |
| Operating System Version | 2016 64 Bit |
| Version Fixed | 11.2 |
| Status | Fixed |
Workaround
There is not currently a workaround to fix this. However, the HSTS header is present on the internal Portal for ArcGIS site if HSTS is configured in the settings. There is only an issue when security scanners run the scan on https://fqdn:7443, and it presumes HSTS is not enabled. This is because the URL redirects to Portal for ArcGIS Home, and the redirect itself does not have the HSTS header present.
Steps to Reproduce
Bug ID: BUG-000158917
Software:
- Portal for ArcGIS
Get notified when the status of a bug changes
Discover more on this topic
Search for related information
Find training related to this topic
Explore ideas and give feedback
Get help from ArcGIS experts
Download the Esri Support App