I’d like to check Atlassian plans regarding implementing Connect Security Requirements, namely HSTS, in ACE?
Looks like there is support for HSTS in Atlassian Connect Spring Boot, see HSTS check fail with Connect Security Requirements Tester (CSRT), and I have found atlassian-connect-express-ssl - npm, but trying it, I don’t see any differences with non ssl package.
Note, I’m using Heroku, and HSTS needs to be implemented on app level, see Using HTTP Headers to Secure Your Site | Heroku, but I expect that ACE could do this for all connect apps.
Additionally, I would expect atlassian-connect-express-ssl to force ssl (do redirect to https) for the connect apps automatically.
Could someone let me know if this or something related is going to be?