Versions Compared

Old Version 4

changes.mady.by.user Heather Greer Klein

Saved on

compared with

New Version 5

changes.mady.by.user Tim Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Add note on HSTS and exception for OAI-PMH

...

Yes, all calls to DSpaceDirect are encrypted using Transport Layer Security protocols (HTTPS).  We require HTTPS for all sites, and do not allow any site data to be sent via plain HTTP.  All sites also enable HSTS (HTTP Strict Transfer Security) to tell all web browsers to only use HTTPS. (Note, however, there is one exception to this rule. As OAI-PMH requires HTTP, we do allow HTTP access via the OAI-PMH interface only.)