nginx-proxy-manager icon indicating copy to clipboard operation
nginx-proxy-manager copied to clipboard
Published 4 weeks ago verified publisher icon NginxProxyManager

HSTS Header is added on HTTP hosts - Incorrect implementation of RFC6797

Open StanvanHoorn opened this issue 3 years ago • 1 comments

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes / ~~No~~
  • Are you sure you're not using someone else's docker image?
    • Yes / ~~No~~
  • Have you searched for similar issues (both open and closed)?
    • Yes / ~~No~~

Describe the bug HSTS is added in the server block of the Nginx for both port 80 and 443 resulting in warnings in various online tooling including hstspreload.org. This probably is caused by the fact that the generated Nginx config combines the port 80 and 443 servers. See: #1 - Redirection host template; #2 - Listen config; #3 - HSTS config

Possible solution Make different server config blocks for port 80 and 443, and only include the HSTS config in the one for 443 if enabled.

Nginx Proxy Manager Version v2.9.18

StanvanHoorn avatar Nov 03 '22 10:11 StanvanHoorn

Any plans to fix this?

StanvanHoorn avatar Dec 01 '22 14:12 StanvanHoorn

Issue is now considered stale. If you want to keep it open, please comment :+1:

github-actions[bot] avatar Feb 06 '24 01:02 github-actions[bot]

As far as I know, this issue still persists

StanvanHoorn avatar Feb 09 '24 08:02 StanvanHoorn