Do you use HTTPS everywhere? Have you deployed HSTS on your server?

As you may have noticed, the header HTTP-Strict-Transport-Security (HSTS) is not enforced on our web application. You can use app.forestadmin.com through HTTP and HTTPS depending on the Forest environment (e.g., development, staging, production).

Very often, your development environment such as localhost:3000 does not have an HTTPS configuration. This is why we make the HTTP protocol available.

On a Forest production environment, we highly recommend that you use an HTTPS application endpoint (otherwise you’ll see a warning) to get HTTPS enforced on app.forestadmin.com

⚠️ On a remote server, HTTP protocol should be set to HTTPS for security reasons.

 


Did this help answer your question?

thumbs up
thumbs down

Thanks for the feedback! 🙏🏽