Post Nextstrain results on the public website, securely

Is there a way to include HSTS response header for the link generated by auspice?

We are trying to share results of the workflow through the university resources and that is the security’s team request.

I apologize if I am missing something very basic.

Thank you.

@abombin Can you be more specific in what you mean when you say “link generated by Auspice”? What’s an example of a URL you’d like to use HSTS?

We may be able to add the Strict-Transport-Security header to and/or, but note that wouldn’t impact a local server using Auspice. For that you’d want to add the headers to your own deployment, such as at a reverse proxy.

1 Like

Thank you. Yes, my question was about modifying the link generated by the local server with

nextstrain view auspice 

I was thinking that since there are options to select the host and the port, perhaps there is an option for HSTS.
Thank you for answering my question.

Ah, I see. Yeah, HSTS isn’t applicable in that case because of the emphemeral nature of nextstrain view, plus it doesn’t support HTTPS. You could put a TLS-terminating reverse proxy in front of nextstrain view (or auspice view) and apply HSTS headers there if you wanted.

1 Like

Thank you very much for your suggestion!