diff options
author | Peter Dave Hello <hsu@peterdavehello.org> | 2021-08-20 17:54:11 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-08-20 10:54:11 +0100 |
commit | a2afcac7d9d55860f62f2f27475cd5a059090505 (patch) | |
tree | f2dbecfab86843ac7b554998ca2a34147c12385f /app/controllers/api/v1/accounts | |
parent | 67021484726e88040c5c1502dddd0eef45734c6b (diff) |
Make sure nginx always send HSTS header (#16633)
By default, it'll only send those headers when the response code is one of the following: - 200, 201, 204, 206, 301, 302, 303, 304, 307 & 308 As all the traffics should be https, the http protocol only exists to do 301 redirect, and always send the HSTS header is almost one of the best practices, we should set nginx to do so. Reference: - https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header - https://ssl-config.mozilla.org/
Diffstat (limited to 'app/controllers/api/v1/accounts')
0 files changed, 0 insertions, 0 deletions