authorRigel Kent <sendmemail@rigelk.eu>2018-09-09 22:10:38 +0200
committerRigel Kent <sendmemail@rigelk.eu>2018-09-09 22:10:38 +0200
commit6328da8c017cf00d3c0ac8824ec5af128f6db42e (patch)
tree462f5c2e705a8013a614c9a0ed4e382ed55032e8
parent20c3a59e2c81bb00be943ccc51efe175c08eaa4e (diff)
downloadPeerTube-6328da8c017cf00d3c0ac8824ec5af128f6db42e.tar.gz
PeerTube-6328da8c017cf00d3c0ac8824ec5af128f6db42e.tar.zst
PeerTube-6328da8c017cf00d3c0ac8824ec5af128f6db42e.zip
make HSTS opt-in and leave it to the reverse-proxy
-rw-r--r--server.ts3
-rw-r--r--support/nginx/peertube6
2 files changed, 7 insertions, 2 deletions
diff --git a/server.ts b/server.ts
index 2db39ab06..76d00edd3 100644
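--- a/server.ts
+++ b/server.ts
@@ -55,7 +55,8 @@ app.set('trust proxy', CONFIG.TRUST_PROXY)
 app.use(helmet({
  frameguard: {
  action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts
- }
+ },
+ hsts: false
 }))
 
 // ----------- Database -----------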
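Review bot: `hsts: false` switches the header off unconditionally and carries no comment saying where it is now expected to come from, unlike the `frameguard` option just above it, which explains its setting. Because the sample nginx config in this same commit ships its `add_header Strict-Transport-Security` line commented out, an instance deployed from these defaults appears to send no HSTS header at all, so a first plain-HTTP request stays exposed to a downgrade. I would document the decision at the option, e.g. `hsts: false // opt-in: set Strict-Transport-Security at the reverse proxy, see support/nginx/peertube`, and mention the opt-in step in the install documentation.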
diff --git a/support/nginx/peertube b/support/nginx/peertube
index 0720dbd97..5d97c0cf1 100644
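--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -44,7 +44,11 @@ server {
  gzip_types text/css text/html application/javascript;
  gzip_vary on;
 
- add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+ # Enable HSTS
+ # Tells browsers to stick with HTTPS and never visit the insecure HTTP
+ # version. Once a browser sees this header, it will only visit the site over
+ # HTTPS for the next 2 years: (read more on hstspreload.org)
+ #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 
  access_log /var/log/nginx/peertube.example.com.access.log;
  error_log /var/log/nginx/peertube.example.com.error.log;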
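Review bot: The new comment above the commented-out `add_header` explains the 2-year HTTPS pinning but not the two directives that make it hard to undo: `includeSubDomains` extends the policy to every subdomain of the host, and `preload` signals consent to browser preload lists, which are slow to leave. An admin who simply uncomments the line on a domain that still has HTTP-only subdomains would lock browsers out of them. I would extend the comment with `# includeSubDomains covers every subdomain and preload is hard to revert;` and `# remove both unless all subdomains already serve HTTPS.` The `server {` block starts and ends outside the hunk, so it is not visible whether any `location` sets its own `add_header`, which would stop this server-level header from being inherited there.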