example configs: kill STS/CT headers
authorWilliam Pitcock <nenolod@dereferenced.org>
Sun, 11 Nov 2018 06:56:46 +0000 (06:56 +0000)
committerWilliam Pitcock <nenolod@dereferenced.org>
Sun, 11 Nov 2018 06:56:46 +0000 (06:56 +0000)
installation/caddyfile-pleroma.example
installation/pleroma-apache.conf
installation/pleroma.nginx
installation/pleroma.vcl

index c34b4704560b0ff06188ceaa82b710eccd89172e..03ff000b6c00b6ec6344f108d9b4ccdf3fbaade9 100644 (file)
@@ -21,11 +21,6 @@ example.tld  {
     ciphers ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256
   }
 
-  header / {
-    Strict-Transport-Security "max-age=31536000; includeSubDomains;"
-    Expect-CT "enforce, max-age=2592000"
-  }
-
   # If you do not want to use the mediaproxy function, remove these lines.
   # To use this directive, you need the http.cache plugin for Caddy.
   cache {
index cbb165064e55480bfb24b890bf360640fc7bad7f..d5e75044fc578ef05232a165db465c526ddd7e6d 100644 (file)
@@ -34,9 +34,6 @@ CustomLog ${APACHE_LOG_DIR}/access.log combined
     SSLCompression          off
     SSLSessionTickets       off
 
-    # Uncomment this only after you get HTTPS working.
-    # Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
-
     RewriteEngine On
     RewriteCond %{HTTP:Connection} Upgrade [NC]
     RewriteCond %{HTTP:Upgrade} websocket [NC]
index 62c99383ffcb760eb85edac6f4877f731ba9c412..f0e684f2c8430077cc870a64f2768a9bb7ce384f 100644 (file)
@@ -60,9 +60,6 @@ server {
     client_max_body_size 16m;
 
     location / {
-        # Uncomment this only after you get HTTPS working.
-        # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
index 5d80c6f44f9b760bc25d251bf04f2b9e2fb0fd37..63c1cb74dbf01f5b7a72285d83f35306c997b96f 100644 (file)
@@ -119,8 +119,3 @@ sub vcl_pipe {
         set bereq.http.connection = req.http.connection;
     }
 }
-
-sub vcl_deliver {
-  # Uncomment this only after you get HTTPS working.
-  # set resp.http.Strict-Transport-Security= "max-age=31536000; includeSubDomains";
-}