Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[enh] Don't add Strict-Transport-Security header in nginx conf if using a selfsigned cert #661

Merged
merged 1 commit into from Feb 24, 2019

Conversation

Projects
None yet
2 participants
@alexAubin
Copy link
Member

commented Feb 22, 2019

The problem

c.f. YunoHost/issues#1310 , Firefox and probably all decent browser ignore this header anyway

Solution

Don't add the header if using a self-signed cert

PR Status

Tested on my machine™

How to test

Pull the branch, have a domain with self-signed certificate, regen nginx conf. Check a javascript console before and after on the SSO portal.

Validation

  • Principle agreement 0/2 :
  • Quick review 0/1 :
  • Simple test 0/1 :
  • Deep review 0/1 :
@frju365
Copy link
Member

left a comment

Completely agree ;-)

@alexAubin alexAubin changed the title Don't add Strict-Transport-Security header in nginx conf if using a selfsigned cert [enh] Don't add Strict-Transport-Security header in nginx conf if using a selfsigned cert Feb 24, 2019

@alexAubin alexAubin merged commit 6a7a0a8 into stretch-unstable Feb 24, 2019

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details

@alexAubin alexAubin deleted the no-strict-transport-if-selfsigned-cert branch Feb 24, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.