From 6328da8c017cf00d3c0ac8824ec5af128f6db42e Mon Sep 17 00:00:00 2001
From: Rigel Kent <sendmemail@rigelk.eu>
Date: Sun, 9 Sep 2018 22:10:38 +0200
Subject: make HSTS opt-in and leave it to the reverse-proxy

---
 server.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'server.ts')

diff --git a/server.ts b/server.ts
index 2db39ab06..76d00edd3 100644
--- a/server.ts
+++ b/server.ts
@@ -55,7 +55,8 @@ app.set('trust proxy', CONFIG.TRUST_PROXY)
 app.use(helmet({
   frameguard: {
     action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts
-  }
+  },
+  hsts: false
 }))
 
 // ----------- Database -----------
-- 
cgit v1.2.3