about summary refs log tree commit diff
path: root/app/models/account_pin.rb
diff options
context:
space:
mode:
authorPeter Dave Hello <hsu@peterdavehello.org>2021-08-20 17:54:11 +0800
committerGitHub <noreply@github.com>2021-08-20 10:54:11 +0100
commita2afcac7d9d55860f62f2f27475cd5a059090505 (patch)
treef2dbecfab86843ac7b554998ca2a34147c12385f /app/models/account_pin.rb
parent67021484726e88040c5c1502dddd0eef45734c6b (diff)
Make sure nginx always send HSTS header (#16633)
By default, it'll only send those headers when the response code is one of the following:
- 200, 201, 204, 206, 301, 302, 303, 304, 307 & 308

As all the traffics should be https, the http protocol only exists to do 301 redirect,
and always send the HSTS header is almost one of the best practices, we should set
nginx to do so.

Reference:
- https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
- https://ssl-config.mozilla.org/
Diffstat (limited to 'app/models/account_pin.rb')
0 files changed, 0 insertions, 0 deletions