From 369792f19ea16fa13f529e356c78da4b66ed7752 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Mon, 19 Oct 2020 20:29:39 +0200
Subject: set HSTS header only with HTTPS

---
 apache2/conf-available/security.conf      | 2 +-
 apache2/conf-available/security.conf.diff | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apache2/conf-available/security.conf b/apache2/conf-available/security.conf
index 2fcb473..fabdafb 100644
--- a/apache2/conf-available/security.conf
+++ b/apache2/conf-available/security.conf
@@ -88,6 +88,6 @@ Header always set Permissions-Policy "accelerometer(), ambient-light-sensor(), a
 Header always set Referrer-Policy "no-referrer-when-downgrade"
 
 # enable Strict Transport Security
-Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload"
+Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=-n %{HTTPS}"
 
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/apache2/conf-available/security.conf.diff b/apache2/conf-available/security.conf.diff
index c363be3..5d80605 100644
--- a/apache2/conf-available/security.conf.diff
+++ b/apache2/conf-available/security.conf.diff
@@ -43,6 +43,6 @@
 +Header always set Referrer-Policy "no-referrer-when-downgrade"
 +
 +# enable Strict Transport Security
-+Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload"
++Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=-n %{HTTPS}"
  
  # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-- 
cgit v1.2.3