Commit 282f7f98 authored by Mark Harding's avatar Mark Harding
Browse files

(chore): Ensure Strict-Transport-Security is set

parent 7b2ba46e
......@@ -8,6 +8,8 @@ server {
error_log /dev/stdout warn;
access_log off;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
if ($host = 'minds.com' ) {
rewrite ^/(.*)$ https://www.minds.com/$1 permanent;
}
......@@ -24,6 +26,7 @@ server {
}
location ~ ^(/api|/fs|/icon|/carousel) {
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
......@@ -69,6 +72,7 @@ server {
# pass the PHP scripts to FastCGI server listening on socket
location ~ \.php$ {
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
add_header X-Cache $upstream_cache_status;
add_header No-Cache $no_cache;
add_header X-No-Cache $no_cache;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment