Don't include `preload` flag in sample HSTS header

This goes against the recommendations (preloading should be opt-in). Putting it in the example makes it likely that people enable it without knowing what it means. https://hstspreload.org/?domain=peertube.social#opt-in
author: Felix Ableitner <me@nutomic.com> 2018-09-11 13:04:49 -0500
committer: Rigel Kent <par@rigelk.eu> 2018-09-11 20:10:57 +0200
commit: 5284d4028c5db6e32b73b13731622ba477597561 (patch)
tree: 2671f1c967b3f2f80e19b0e3d2d08814653cbed4 /support/nginx
parent: a157b3a322258ee5792322cf4a79437ba8d5cc2d (diff)
download: PeerTube-5284d4028c5db6e32b73b13731622ba477597561.tar.gz
PeerTube-5284d4028c5db6e32b73b13731622ba477597561.tar.zst
PeerTube-5284d4028c5db6e32b73b13731622ba477597561.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/support/nginx/peertube b/support/nginx/peertube
index 5d97c0cf1..0da427037 100644
--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -48,7 +48,7 @@ server {
  # Tells browsers to stick with HTTPS and never visit the insecure HTTP
  # version. Once a browser sees this header, it will only visit the site over
  # HTTPS for the next 2 years: (read more on hstspreload.org)
-  #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+  #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
  access_log /var/log/nginx/peertube.example.com.access.log;
  error_log /var/log/nginx/peertube.example.com.error.log;
author	Felix Ableitner <me@nutomic.com>	2018-09-11 13:04:49 -0500
committer	Rigel Kent <par@rigelk.eu>	2018-09-11 20:10:57 +0200
commit	5284d4028c5db6e32b73b13731622ba477597561 (patch)
tree	2671f1c967b3f2f80e19b0e3d2d08814653cbed4 /support/nginx
parent	a157b3a322258ee5792322cf4a79437ba8d5cc2d (diff)
download	PeerTube-5284d4028c5db6e32b73b13731622ba477597561.tar.gz PeerTube-5284d4028c5db6e32b73b13731622ba477597561.tar.zst PeerTube-5284d4028c5db6e32b73b13731622ba477597561.zip

diff --git a/support/nginx/peertube b/support/nginx/peertube index 5d97c0cf1..0da427037 100644 --- a/support/nginx/peertube +++ b/support/nginx/peertube
@@ -48,7 +48,7 @@ server {
48	# Tells browsers to stick with HTTPS and never visit the insecure HTTP	48	# Tells browsers to stick with HTTPS and never visit the insecure HTTP
49	# version. Once a browser sees this header, it will only visit the site over	49	# version. Once a browser sees this header, it will only visit the site over
50	# HTTPS for the next 2 years: (read more on hstspreload.org)	50	# HTTPS for the next 2 years: (read more on hstspreload.org)
51	#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";	51	#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
52		52
53	access_log /var/log/nginx/peertube.example.com.access.log;	53	access_log /var/log/nginx/peertube.example.com.access.log;
54	error_log /var/log/nginx/peertube.example.com.error.log;	54	error_log /var/log/nginx/peertube.example.com.error.log;