mirrors/nextcloud-documentation
3
0
Fork 0
mirror of https://github.com/nextcloud/documentation.git synced 2025-10-26 11:18:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Nginx config: Remove line-breaks from STS header

Browse Source 
This patch removes the incorrect line-breaks in the Strict-Transport-Security Headers.
Just removing the comment at the beginning of the line (and therefore having a line-break in the header field) leads to various kinds of failures across different clients and browsers.
This commit is contained in:
Jack 2019-01-25 16:04:40 +01:00 committed by GitHub
parent 240d313245
commit fdde09ad79
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
admin_manual/installation/nginx.rst
View File

@ -61,8 +61,7 @@ webroot of your nginx installation. In this example it is
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
@ -316,8 +315,7 @@ your nginx installation.
# to have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read
# into this topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;