From 6f2789383d183f004329daf559dd2b9333fef3cc Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Mon, 19 Oct 2020 20:30:48 +0200
Subject: fix set HSTS header only with HTTPS
---
 apache2/conf-available/security.conf | 2 +-
 apache2/conf-available/security.conf.diff | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/apache2/conf-available/security.conf b/apache2/conf-available/security.conf
index fabdafb..6975048 100644
--- a/apache2/conf-available/security.conf
+++ b/apache2/conf-available/security.conf
@@ -88,6 +88,6 @@ Header always set Permissions-Policy "accelerometer(), ambient-light-sensor(), a
 Header always set Referrer-Policy "no-referrer-when-downgrade"
 
 # enable Strict Transport Security
-Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=-n %{HTTPS}"
+Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=%{HTTPS} != 'off'"
 
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/apache2/conf-available/security.conf.diff b/apache2/conf-available/security.conf.diff
index 5d80605..de9221a 100644
--- a/apache2/conf-available/security.conf.diff
+++ b/apache2/conf-available/security.conf.diff
@@ -43,6 +43,6 @@
 +Header always set Referrer-Policy "no-referrer-when-downgrade"
 +
 +# enable Strict Transport Security
-+Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=-n %{HTTPS}"
++Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=%{HTTPS} != 'off'"
 
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-- 
cgit v1.2.3
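Review bot: The new condition `"expr=%{HTTPS} != 'off'"` on the Strict-Transport-Security line fails open: any value other than the literal `off`, an empty string included, still emits the header, so I would test positively with `"expr=%{HTTPS} == 'on'"`. Apache documents this variable as the string `on` or `off`, which is why the old `-n` test was always true; a comment above the directive such as `# %{HTTPS} is "on" or "off", never empty: compare the value, do not test for non-empty` would keep that from regressing. The identical line in the second hunk (security.conf.diff) should change with it. If TLS is terminated on a proxy in front of this server, the variable is presumably `off` here and the header would have to be set on the proxy instead, which is worth a line in the comment too.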