严格运输安全问题 [英] Strict-Transport-Security Problem

问题描述

我正在开发  .net核心Web应用程序项目，已发布到Azure门户.该项目成功进行.但是我注意到该项目在其他计算机上给出了HTTP 500错误.我调试了代码.问题是由严格的传输安全性"引起的. http标头.

I'm developing  .net core web app project that is published to Azure Portal. The project is work successfully. But I noticed that the project give http 500 error in different computer. I debuged the code. Problem is caused from "Strict-Transport-Security" http header. 

我在行下面添加了代码； 

I added to code below row; 

  context.Response.Headers.Add("Strict-Transport-Security"，"max-age = 31536000; includeSubDomains; preload");

  context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload");

为什么有时我在不同的PC上看到HTTP 500错误?我该怎么办?您对这个问题有任何想法吗?

Why sometimes I see http 500 error in different pc? What should do I for this problem? Have you any idea about this issue?

推荐答案

您好，Czlnkr，

Hi Czlnkr,

两个主机之间是否有一个单独的子域?

Is there a separate subdomain between the two hosts?

HTTP严格传输安全速查表

您可以尝试以下方法吗?

Can you try the following:

Strict-Transport-Security: max-age=31536000; includeSubDomains

This example is useful if all present and future subdomains will be HTTPS. This is a more secure option but will block access to certain pages that can only be served over HTTP.

如果您的解决方案的任何部分正在提供HTTP服务(而不是HTTPS服务)，则这些页面将被阻止.

If any part of your solution is serving up HTTP (instead of HTTPS) those pages will be blocked. 

Strict-Transport-Security: max-age=31536000

如果您还有其他疑问，请告诉我们.

Please let us know if you have any additional questions.

此致

迈克

这篇关于严格运输安全问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！