Do you use HTTPS everywhere? Have you deployed HSTS on your server?

As you may have noticed, the header HTTP-Strict-Transport-Security (HSTS) is not enforced on our web application. You can use through HTTP and HTTPS depending on the Forest environment (e.g., development, staging, production).

Very often, your development environment such as localhost:3000 does not have an HTTPS configuration. This is why we make the HTTP protocol available.

On your Forest production environment, we require that you use an HTTPS application endpoint (otherwise you’ll see a warning) to get HTTPS enforced on

⚠️ On a remote server, HTTPS is required for security reasons.


Did this help answer your question?

thumbs up
thumbs down

Thanks for the feedback! 🙏🏽