-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Unnecessary HSTS header over HTTP #1005
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
@l4rm4nd sorry for taking so long to respond to you (wow its more than two years past) |
fixes NginxProxyManager#1005 for more information look at: https://websistent.com/add-the-hsts-header-only-for-https-requests-nginx/
@jc21 I believe this change causes something to break. I don't know a lot about nginx but recently I can't add a location block to my proxy hosts without them going offline. I looked around for the problem and found this in the db |
Hey @andresatierf |
I wanted to add my Website to the hsts-preload list: https://hstspreload.org/

With the current configuration I was able to add my site to the list. But I still have this very annoying message.
The hsts header should only be added if i access the page with https, but not when i access it over http.
I have tried a lot of different methods over the last days, but none seemed to work. First I tried to add the header in my node application instead of in the npm (not node package manager, but nginx proxy manager). But this obviously does not work, as the https terminates at the npm. so req.connection.enrypted is always undefined.
I also tried to solve it in the advanced settings:

but this immediately makes the applikation stop working.

It really seemes that I am not able to solve this problem on my own and I need your help. I think the problem needs to be tackled inside npm itself.
Kind Regards
Dario Viva
The text was updated successfully, but these errors were encountered: