interesting
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

make HSTS opt-in and leave it to the reverse-proxy

This commit is contained in:
Rigel Kent 2018-09-09 22:10:38 +02:00
parent 20c3a59e2c
commit 6328da8c01
No known key found for this signature in database
GPG Key ID: EA12971B0E438F36
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
server.ts
View File

@ -55,7 +55,8 @@ app.set('trust proxy', CONFIG.TRUST_PROXY)
app.use(helmet({
frameguard: {
action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts
}
},
hsts: false
}))
// ----------- Database -----------

6
support/nginx/peertube
View File

@ -44,7 +44,11 @@ server {
gzip_types text/css text/html application/javascript;
gzip_vary on;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
# Enable HSTS
# Tells browsers to stick with HTTPS and never visit the insecure HTTP
# version. Once a browser sees this header, it will only visit the site over
# HTTPS for the next 2 years: (read more on hstspreload.org)
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
access_log /var/log/nginx/peertube.example.com.access.log;
error_log /var/log/nginx/peertube.example.com.error.log;