-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HSTS settings in examples.conf #109
Comments
Sorry, we seem to have overlooked this bug report. I will fix it now. Thanks for reporting! |
ottok
added a commit
that referenced
this issue
May 26, 2020
Document the many alternative ways to achieve the same things as mentioned in the examples.conf. Most of the time we probably don't want users to create custom Nginx configs if there are easier and more flexible or more reliable ways to achieve the same in PHP or WordPress itself. Also fix colon in HSTS example (Closes: #109).
Actually, Seravo.com has been using all the time this:
..and it works just fine (and yields A+ status in ssllabs.com).
The extra colon does not hurt anything. Do you have some cases where it would cause issues? |
ottok
added a commit
that referenced
this issue
May 26, 2020
Document the many alternative ways to achieve the same things as mentioned in the examples.conf. Most of the time we probably don't want users to create custom Nginx configs if there are easier and more flexible or more reliable ways to achieve the same in PHP or WordPress itself. PageSpeed example is dropped since it isn't much useful anymore in 2020. Also fix colon in HSTS example (Closes: #109).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I noticed this line has an extra colon inside the quotation marks, and that might affect how browsers parse this header. That colon is probably leftover when 'includeSubDomains; preload' has deleted there. Also, the HSTS header should be sent only over HTTPS and has no effect over HTTP.
#add_header Strict-Transport-Security "max-age=63072000;";
The text was updated successfully, but these errors were encountered: