summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJonas Smedegaard <dr@jones.dk>2020-10-19 20:29:39 +0200
committerJonas Smedegaard <dr@jones.dk>2020-10-19 20:29:39 +0200
commit369792f19ea16fa13f529e356c78da4b66ed7752 (patch)
treeb61189efb6bf1ebc419ec3a3c90d6444795519b3
parentd07729f5b66b10b80c6857c4f918c2ff4f699049 (diff)
set HSTS header only with HTTPS
-rw-r--r--apache2/conf-available/security.conf2
-rw-r--r--apache2/conf-available/security.conf.diff2
2 files changed, 2 insertions, 2 deletions
diff --git a/apache2/conf-available/security.conf b/apache2/conf-available/security.conf
index 2fcb473..fabdafb 100644
--- a/apache2/conf-available/security.conf
+++ b/apache2/conf-available/security.conf
@@ -88,6 +88,6 @@ Header always set Permissions-Policy "accelerometer(), ambient-light-sensor(), a
Header always set Referrer-Policy "no-referrer-when-downgrade"
# enable Strict Transport Security
-Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload"
+Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=-n %{HTTPS}"
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/apache2/conf-available/security.conf.diff b/apache2/conf-available/security.conf.diff
index c363be3..5d80605 100644
--- a/apache2/conf-available/security.conf.diff
+++ b/apache2/conf-available/security.conf.diff
@@ -43,6 +43,6 @@
+Header always set Referrer-Policy "no-referrer-when-downgrade"
+
+# enable Strict Transport Security
-+Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload"
++Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=-n %{HTTPS}"
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet