0

I found that most modern browsers support HSTS and switch over to HTTPS if they find it in the HTTP/HTTPS headers for the domain. Browsers would implemented appropriate response to teh HSTS header.

  1. What about client applications that are making http/https calls to the web servers?
  2. Do standard http clients like apache commons library ot python requests already support that inherently? Or some flags have to bee set? How can that be done?
Olaf Kock
  • 46,930
  • 8
  • 59
  • 90
user2512997
  • 71
  • 2
  • 6

1 Answers1

0

There's no way to answer for libraries "like" A or B. But typically libraries implement the protocol, but don't store any data by themselves (they have no way to persist stuff), so it'll be in the responsibility of the application using the library in question to store the HSTS information somewhere.

Unless you're using a library that has this separate store. I'm not aware that any does (or doesn't), you'll have to check with the one that you intend to use. But my expectation is: You'll have to do it yourself.

Olaf Kock
  • 46,930
  • 8
  • 59
  • 90
  • Apache Commons and Python requests. These are standard Java and Python libraries that I am using. How do I call these libraries to honor the HSTS flag? If I have to do the remembering in the application, what do/may the libraries support? – user2512997 Jul 18 '20 at 05:44