[SOLVED] What is the difference between UseHttpsRedirection and UseHsts

Issue

I don’t quite get the difference between UseHsts and UseHttpsRedirection in the configure section of the startup file in .net core. Could anyone explain?

Solution

According to the documentation you should use both together:

We recommend all production ASP.NET Core web apps call:

  • The HTTPS Redirection Middleware (UseHttpsRedirection) to redirect all HTTP requests to HTTPS.
  • UseHsts, HTTP Strict Transport Security Protocol (HSTS).

ASP.NET Core Enforce HTTPS

The .UseHttpsRedirection() will issue HTTP response codes redirecting from http to https. The .UseHsts() will add the HSTS response header which the client is supposed to obey.

Answered By – Nate

Answer Checked By – Gilberto Lyons (BugsFixing Admin)

Leave a Reply

Your email address will not be published. Required fields are marked *