Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Describe the issue:
I want to enable hsts for the opensearch dashboards and for the opensearch service. I can’t figure out how to correctly set the hsts header.
Kibana allows this by enabling the server.securityResponseHeaders.strictTransportSecurity setting in the kibana.yml
How do I enable this for opensearch and opensearch-dashboards?
Relevant Logs or Screenshots:
server.securityResponseHeaders.strictTransportSecurity is not a part XPack security plugin but Kibana’s function.
I’m not aware of such functionality in OpenSearch’s security plugin. Following Kibana logic I would expect this option in OpenSearch Dashboards
I’ve tried to use it in the OpenSeach Dashboards 2.5 configuration and got the following error.
FATAL ValidationError: child "server" fails because ["securityResponseHeaders" is not allowed]
It looks unsupported at this point. You can try to report it as a feature request in OpenSeach Dashboards GitHub