
fix(nginx): typo with HSTS parameter

Not strictly case sensitive, but all documentation uses this form.
Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
Rotzbua 1 سال پیش
والد
کامیت
a60620d501

+ 1 - 1
test/e2e2/spec/test_www.py

@@ -88,7 +88,7 @@ def test_unknown_hosts(api_anon, protocol, hostname):
 def test_security_headers(api_anon):
     api_anon.headers = {}
     expected_headers = {
-        'Strict-Transport-Security': 'max-age=31536000; includeSubdomains; preload',
+        'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload',
         'Content-Security-Policy': "default-src 'self'; frame-src 'none'; connect-src 'self'; font-src 'self' data:; "
                                    "img-src 'self' data:; media-src data:; script-src 'self' 'unsafe-eval'; "
                                    "style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'none'; "

+ 1 - 1
www/90-desec.static.dev.location

@@ -1,7 +1,7 @@
 location / {
     expires epoch;
     etag off;
-    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header Host "0.0.0.0";
 

+ 2 - 2
www/conf/sites-available/85-redirects.conf.var

@@ -29,7 +29,7 @@ server {
 	include global.conf;
 
 	location / {
-		add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
+		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 		return 301 https://desec.$DESECSTACK_DOMAIN$request_uri;
 	}
 }
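Review bot: The HSTS value at `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;` is still a literal repeated in every `location` this commit touches: here, in the second `server` block of this file, and in the static.dev, api, prometheus and static location files. That is why one casing fix needed six nginx edits plus the test. nginx inherits `add_header` from the enclosing level only when the current level declares none, so each location has to restate the header, and a future location that adds any header of its own would silently drop HSTS. Consider keeping the line in one shared snippet and pulling it in the way this block already does with `include global.conf;`, e.g. `include <hsts-snippet>.conf;` (placeholder name). The `server` block starts before this hunk, so whether a server-level header exists cannot be seen here.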
@@ -48,7 +48,7 @@ server {
         include global.conf;
 
         location / {
-                add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
+                add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
                 return 301 https://desec.$DESECSTACK_DOMAIN$request_uri;
         }
 }

+ 1 - 1
www/conf/sites-available/90-desec.api.location.var

@@ -7,7 +7,7 @@ location /api/ {
 
     expires epoch;
     etag off;
-    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
     include uwsgi_params;
     uwsgi_pass desecapi;
 

+ 1 - 1
www/conf/sites-available/90-desec.prometheus.location

@@ -4,7 +4,7 @@
 location /prometheus/ {
     expires epoch;
     etag off;
-    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 
     auth_basic "Prometheus";
     auth_basic_user_file /etc/nginx/htpasswd;
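Review bot: Within the visible lines, `location /prometheus/` sends only Strict-Transport-Security, whereas `location /index.html` in 90-desec.static.location also sends `X-Frame-Options` and `X-Content-Type-Options`. A location-level `add_header` stops inheritance of headers declared at server level, so any such headers set higher up would not reach this basic-auth-protected endpoint. If they are not added further down (the block continues past the hunk), add `add_header X-Content-Type-Options "nosniff" always;` and `add_header X-Frame-Options "deny" always;` next to the HSTS line. The `/api/` location in 90-desec.api.location.var shows the same pattern in its visible lines and is worth the same check.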

+ 1 - 1
www/conf/sites-available/90-desec.static.location

@@ -10,7 +10,7 @@ location / {
 
     location /index.html {  # Also includes / via internal redirect, see https://nginx.org/en/docs/http/ngx_http_index_module.html#index
         expires epoch;
-        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
         add_header Content-Security-Policy "default-src 'self'; frame-src 'none'; connect-src 'self'; font-src 'self' data:; img-src 'self' data:; media-src data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'none'; block-all-mixed-content; form-action 'none';" always;
         add_header X-Frame-Options "deny" always;
         add_header X-Content-Type-Options "nosniff" always;