Disable HSTS in nginx config by default.
Unfortunately, it's just not feasible to enforce strict HTTPS
domain-wide with a seedbox. While most swizzin apps are all configured to be proxied through SSL, not all applications have good/working proxy configurations (e.g. btsync). HSTS will unfortunately override legitimate http requests with https once the header has been set by the client, even if the service isn't proxied by nginx.

You are welcome to comment out the line yourself in your configuration;
however as a default, we will have to make do without it.
liaralabs committed Sep 22, 2017
1 parent 5802319 commit 5f9af8d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion scripts/install/nginx.sh
Expand Up @@ -146,7 +146,7 @@ resolver_timeout 5s;
# the "preload" directive if you understand the implications.
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
#add_header X-Frame-Options DENY;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
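Review bot: Commenting out `add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";` only stops new clients from receiving the policy; a browser that already received it keeps upgrading requests to the host and its subdomains until the two-year max-age expires, so on a server that previously sent the header this change alone does not restore plain-HTTP access. If upgrades matter, consider sending the header with `max-age=0` for a transition period rather than dropping it outright. The remaining comment above also now sits over two commented-out variants with nothing in the file saying why HSTS is off by default; a one-line comment noting that it breaks services not proxied by nginx, and that the line must be uncommented to opt in, would keep that reasoning next to the setting instead of only in the commit message.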