lobsters-ansible
lobsters-ansible copied to clipboard
HSTS headers are missing
Lobste.rs is preloaded into Chrome's list of sites that are HTTPS-only, but the headers to maintain this seem to have gone missing in the move. This is almost certainly a tweak to the nginx.conf.
More info: https://hstspreload.org/?domain=lobste.rs
This will be easy to fix when #5 will be solved.
Hey Peter,
I see that HSTS has been added to the nginx configuration, but it hasn't been enabled yet (it's commented): https://github.com/lobsters/lobsters-ansible/blob/master/roles/nginx/files/test/nginx/sites-available/lobste.rs#L84
If it hasn't been working properly, would you have more details?
Best, Julien
Done earlier today with commits to this and the lobsters repo.