lobsters-ansible icon indicating copy to clipboard operation
lobsters-ansible copied to clipboard

Published 20 hours ago verified publisher icon lobsters

HSTS headers are missing

Open pushcx opened this issue 6 years ago • 2 comments

Lobste.rs is preloaded into Chrome's list of sites that are HTTPS-only, but the headers to maintain this seem to have gone missing in the move. This is almost certainly a tweak to the nginx.conf.

More info: https://hstspreload.org/?domain=lobste.rs

pushcx avatar Oct 25 '17 13:10 pushcx

This will be easy to fix when #5 will be solved.

jstoja avatar Oct 26 '17 10:10 jstoja

Hey Peter,

I see that HSTS has been added to the nginx configuration, but it hasn't been enabled yet (it's commented): https://github.com/lobsters/lobsters-ansible/blob/master/roles/nginx/files/test/nginx/sites-available/lobste.rs#L84

If it hasn't been working properly, would you have more details?

Best, Julien

jstoja avatar Nov 29 '20 14:11 jstoja

Done earlier today with commits to this and the lobsters repo.

pushcx avatar Oct 04 '23 17:10 pushcx