authorJonas Smedegaard <dr@jones.dk>2020-10-19 20:30:48 +0200
committerJonas Smedegaard <dr@jones.dk>2020-10-19 20:30:48 +0200
commit6f2789383d183f004329daf559dd2b9333fef3cc (patch)
tree5d8882d077c6302d9e404992e5391522e625010d
parent369792f19ea16fa13f529e356c78da4b66ed7752 (diff)
fix set HSTS header only with HTTPS
-rw-r--r--apache2/conf-available/security.conf2
-rw-r--r--apache2/conf-available/security.conf.diff2
2 files changed, 2 insertions, 2 deletions
diff --git a/apache2/conf-available/security.conf b/apache2/conf-available/security.conf
index fabdafb..6975048 100644
--- a/apache2/conf-available/security.conf
+++ b/apache2/conf-available/security.conf
@@ -88,6 +88,6 @@ Header always set Permissions-Policy "accelerometer(), ambient-light-sensor(), a
Header always set Referrer-Policy "no-referrer-when-downgrade"
# enable Strict Transport Security
-Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=-n %{HTTPS}"
+Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=%{HTTPS} != 'off'"
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
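Review bot: The condition on the added Strict-Transport-Security line is a negative match, `%{HTTPS} != 'off'`, so any value other than the literal `off`, including an empty one, still emits the header. Apache's expression documentation gives the variable as `on` or `off`, so `"expr=%{HTTPS} == 'on'"` states the intent directly and fails closed. The comment above the directive could also record why the condition exists, for example `# enable Strict Transport Security (HTTPS responses only; RFC 6797 says not to send it over plain HTTP)`. Because this looks like a server-wide conf file, a second comment noting that `includeSubdomains;preload` with a two-year max-age binds every vhost and subdomain to HTTPS would help whoever enables it. The identical line in the security.conf.diff hunk would take the same change.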
diff --git a/apache2/conf-available/security.conf.diff b/apache2/conf-available/security.conf.diff
index 5d80605..de9221a 100644
--- a/apache2/conf-available/security.conf.diff
+++ b/apache2/conf-available/security.conf.diff
@@ -43,6 +43,6 @@
+Header always set Referrer-Policy "no-referrer-when-downgrade"
+
+# enable Strict Transport Security
-+Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=-n %{HTTPS}"
++Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=%{HTTPS} != 'off'"
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet