Only enable HSTS header for HTTPS and port 443

Stan Hu requested to merge stanhu/gitlab-ce:hsts-check-port-443 into master

What does this MR do?

This MR adds a check that the port used is 443, in addition to HTTPS being enabled, when activating the HSTS header.

Why was this MR needed?

If a user is using a non-standard port for SSL, enabling this header would send clients to port 443 when that port is invalid.

What are the relevant issue numbers?

Closes https://github.com/gitlabhq/gitlabhq/issues/9449
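As an added illustration of the check this MR describes (example code, not GitLab's own implementation): a small helper that decides whether a response may carry `Strict-Transport-Security`, with the old condition (HTTPS only) beside the new one (HTTPS and port 443). The header value, the helper names and the sample URLs are assumptions for the example. HSTS upgrades `http://host` URLs to `https://host` on the default port, so an instance served over TLS on a non-standard port would send browsers to a port that is not listening, which is the failure the MR prevents.

```ruby
require 'uri'

# Added example (not GitLab's code): decide whether a response should carry
# Strict-Transport-Security, given the external URL the instance is served on.
HSTS_HEADER = 'Strict-Transport-Security'.freeze
HSTS_VALUE  = 'max-age=31536000'.freeze # assumed value for the example: one year

# Condition before the MR: HTTPS alone was sufficient.
def hsts_enabled_before?(url)
  URI.parse(url).scheme == 'https'
end

# Condition after the MR: HTTPS and port 443 are both required. Browsers apply
# HSTS to https://host on the default port, so a non-standard TLS port would
# strand clients on 443. URI#port returns 443 when no explicit port is given.
def hsts_enabled_after?(url)
  uri = URI.parse(url)
  uri.scheme == 'https' && uri.port == 443
end

# Build response headers; add HSTS only when the chosen check passes.
def response_headers(url, check: method(:hsts_enabled_after?))
  headers = { 'Content-Type' => 'text/html' }
  headers[HSTS_HEADER] = HSTS_VALUE if check.call(url)
  headers
end

if __FILE__ == $0
  # Constructed sample URLs for the demonstration.
  %w[https://gitlab.example.com https://gitlab.example.com:8443 http://gitlab.example.com].each do |url|
    puts "#{url.ljust(32)} before=#{hsts_enabled_before?(url)} after=#{hsts_enabled_after?(url)}"
  end
end
```

Running the block prints one line per sample URL; only the plain `https://` URL on the default port gets the header under the new condition, while the `:8443` URL, which the old condition accepted, is now skipped.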