OpenCloud
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube
1
0
Fork 0
Code Issues Releases Wiki Activity

Don't include `preload` flag in sample HSTS header 

This goes against the recommendations (preloading should be opt-in). Putting it in the example makes it likely that people enable it without knowing what it means.

https://hstspreload.org/?domain=peertube.social#opt-in
pull/1082/merge
Felix Ableitner 2018-09-11 13:04:49 -05:00 committed by Rigel Kent
parent a157b3a322
commit 5284d4028c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
support/nginx/peertube
View File

@ -48,7 +48,7 @@ server {
# Tells browsers to stick with HTTPS and never visit the insecure HTTP
# version. Once a browser sees this header, it will only visit the site over
# HTTPS for the next 2 years: (read more on hstspreload.org)
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
access_log /var/log/nginx/peertube.example.com.access.log;
error_log /var/log/nginx/peertube.example.com.error.log;