static-file-server icon indicating copy to clipboard operation
static-file-server copied to clipboard
verified publisher icon halverneus

Disabling HSTS

Open OndrejBorek opened this issue 3 years ago • 3 comments

Hello,

this is my first time using github actively. Maybe this is not right way to engage into discussion. I'm in my work using your static-file-server and I'm very happy with it. Now I need to disable HSTS on this server. Can't figure out, how to do it. Sorry for this way of asking question. I think there is better way, I just don't know it.

Ondrej

OndrejBorek avatar Jan 16 '23 15:01 OndrejBorek

No problem. My apologies for my slow reply. I was on a short vacation. Am I correct you are using HTTPS and that you are receiving a "Strict-Transport-Security" header with your HTTP requests when accessing the static file server directly? And you want the header to not be included with the request?

halverneus avatar Jan 18 '23 16:01 halverneus

Thank you for response, it was still fast response.

Yes (I think). I know this could be normally handled in browser settings (which would then not add "Strict-Transport-Security" header for specified domain I guess). But in my case this is not doable because of how we handle domains. I'm not very familial with it, but I have this information: Domain is subdomain of preloaded domain and thus can't be handled via browser settings.

Ondrej

OndrejBorek avatar Jan 19 '23 13:01 OndrejBorek

I have this on my TODO list. I'm hoping to get to it later this week. I may have questions, but I'm going to try replicating, first.

halverneus avatar Jan 23 '23 16:01 halverneus