Merge pull request #661 from YunoHost/no-strict-transport-if-selfsign…

…ed-cert [enh] Don't add Strict-Transport-Security header in nginx conf if using a selfsigned cert
YunoHost · Feb 24, 2019 · 6a7a0a8 · 6a7a0a8
2 parents 0320ca9 + 198919a
commit 6a7a0a8
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
@@ -51,7 +51,9 @@ server {
     # Follows the Web Security Directives from the Mozilla Dev Lab and the Mozilla Obervatory + Partners
     # https://wiki.mozilla.org/Security/Guidelines/Web_Security
     # https://observatory.mozilla.org/ 
-    more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload"; 
+    {% if domain_cert_ca != "Self-signed" %}
+    more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
+    {% endif %}
     more_set_headers "Content-Security-Policy : upgrade-insecure-requests";
     more_set_headers "Content-Security-Policy-Report-Only : default-src https: data: 'unsafe-inline' 'unsafe-eval'";
     more_set_headers "X-Content-Type-Options : nosniff";