root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

add HSTS Policy warning 

Add warning about HSTS header as it means user will need to provide secure connection access to site for next 24 months from page view. See https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security for more details.
This commit is contained in:
Ben Bodenmiller 2014-09-01 15:47:15 -07:00
parent 4102eb3b85
commit 765eabeacc
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/support/nginx/gitlab-ssl
View File

@ -83,6 +83,8 @@ server {
ssl_prefer_server_ciphers on;
## [WARNING] The following header states that the browser should only communicate
## with your server over a secure connection for the next 24 months.
add_header Strict-Transport-Security max-age=63072000;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;