Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Add note on HSTS and exception for OAI-PMH


Yes, all calls to DSpaceDirect are encrypted using Transport Layer Security protocols (HTTPS).  We require HTTPS for all sites, and do not allow any site data to be sent via plain HTTP.  All sites also enable HSTS (HTTP Strict Transfer Security) to tell all web browsers to only use HTTPS. (Note, however, there is one exception to this rule. As OAI-PMH requires HTTP, we do allow HTTP access via the OAI-PMH interface only.)