diff options
author | Rigel Kent <sendmemail@rigelk.eu> | 2018-09-09 22:10:38 +0200 |
---|---|---|
committer | Rigel Kent <sendmemail@rigelk.eu> | 2018-09-09 22:10:38 +0200 |
commit | 6328da8c017cf00d3c0ac8824ec5af128f6db42e (patch) | |
tree | 462f5c2e705a8013a614c9a0ed4e382ed55032e8 | |
parent | 20c3a59e2c81bb00be943ccc51efe175c08eaa4e (diff) | |
download | PeerTube-6328da8c017cf00d3c0ac8824ec5af128f6db42e.tar.gz PeerTube-6328da8c017cf00d3c0ac8824ec5af128f6db42e.tar.zst PeerTube-6328da8c017cf00d3c0ac8824ec5af128f6db42e.zip |
make HSTS opt-in and leave it to the reverse-proxy
-rw-r--r-- | server.ts | 3 | ||||
-rw-r--r-- | support/nginx/peertube | 6 |
2 files changed, 7 insertions, 2 deletions
@@ -55,7 +55,8 @@ app.set('trust proxy', CONFIG.TRUST_PROXY) | |||
55 | app.use(helmet({ | 55 | app.use(helmet({ |
56 | frameguard: { | 56 | frameguard: { |
57 | action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts | 57 | action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts |
58 | } | 58 | }, |
59 | hsts: false | ||
59 | })) | 60 | })) |
60 | 61 | ||
61 | // ----------- Database ----------- | 62 | // ----------- Database ----------- |
diff --git a/support/nginx/peertube b/support/nginx/peertube index 0720dbd97..5d97c0cf1 100644 --- a/support/nginx/peertube +++ b/support/nginx/peertube | |||
@@ -44,7 +44,11 @@ server { | |||
44 | gzip_types text/css text/html application/javascript; | 44 | gzip_types text/css text/html application/javascript; |
45 | gzip_vary on; | 45 | gzip_vary on; |
46 | 46 | ||
47 | add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; | 47 | # Enable HSTS |
48 | # Tells browsers to stick with HTTPS and never visit the insecure HTTP | ||
49 | # version. Once a browser sees this header, it will only visit the site over | ||
50 | # HTTPS for the next 2 years: (read more on hstspreload.org) | ||
51 | #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; | ||
48 | 52 | ||
49 | access_log /var/log/nginx/peertube.example.com.access.log; | 53 | access_log /var/log/nginx/peertube.example.com.access.log; |
50 | error_log /var/log/nginx/peertube.example.com.error.log; | 54 | error_log /var/log/nginx/peertube.example.com.error.log; |