-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The HSTS directive is always set even in non ssl case #8
Comments
ojullien
added a commit
that referenced
this issue
Apr 27, 2019
Signed-off-by: ojullien <ojullien@users.noreply.github.com>
ojullien
added a commit
that referenced
this issue
Apr 27, 2019
* Forwarding information to backend systems Signed-off-by: ojullien <ojullien@users.noreply.github.com> * Fixes issue #5 Fixes issue #5 * fixed issue #7 Signed-off-by: ojullien <ojullien@users.noreply.github.com> * fixed issue #8 Signed-off-by: ojullien <ojullien@users.noreply.github.com> * reverseproxy refactoring Signed-off-by: ojullien <ojullien@users.noreply.github.com> * reverseproxy refactoring Signed-off-by: ojullien <ojullien@users.noreply.github.com> * reverseproxy refactoring Signed-off-by: ojullien <ojullien@users.noreply.github.com>
ojullien
added a commit
that referenced
this issue
Aug 8, 2019
* Forwarding information to backend systems Signed-off-by: ojullien <ojullien@users.noreply.github.com> * Fixes issue #5 Fixes issue #5 * fixed issue #7 Signed-off-by: ojullien <ojullien@users.noreply.github.com> * fixed issue #8 Signed-off-by: ojullien <ojullien@users.noreply.github.com> * reverseproxy refactoring Signed-off-by: ojullien <ojullien@users.noreply.github.com> * reverseproxy refactoring Signed-off-by: ojullien <ojullien@users.noreply.github.com> * reverseproxy refactoring Signed-off-by: ojullien <ojullien@users.noreply.github.com> * update proxy directive
ojullien
added a commit
that referenced
this issue
Aug 8, 2019
The HTTP page still sends an HSTS header. The HSTS directive is still in the conf-available/zzz-ssl.conf file. |
My mistake, checking wrong version. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The HTTP Strict Transport Security directives should not be in the server conf but in the ssl vhost.
The text was updated successfully, but these errors were encountered: