Commit 2aeb233

mo khan <mo@mokhan.ca>
2017-03-12 21:23:37
do not apply strict transport for subdomains.
master
1 parent 5534c4e
Changed files (1)
templates
nginx.conf.erb
templates/nginx.conf.erb
@@ -63,7 +63,7 @@ http {
     access_log /var/log/nginx/<%= @domain %>.access.log;
 
     # enable HTST
-    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
+    add_header Strict-Transport-Security "max-age=63072000; preload";
 
     # disable loading in an iframe
     add_header X-Frame-Options "DENY";