mastoadmin
can someone tell me why ssl labs says this instance is sending multiple hsts headers when there's only one in my config #mastoadmins
only changes I made were the appropriate domain and cert lines. all the crazy ssl/cipher/header stuff is the same.
specifically, I added "includeSubDomains" but this invalid header thing was happening even before I added that directive to it
mastoadmin
@trashyfins Woops. I tested the wrong instance name. I see it.
https://github.com/nginxinc/kubernetes-ingress/issues/86
nginx will send its own HSTS header even if the application is configured to send its own, and that's expected behavior, apparently.
re: mastoadmin
@trashyfins Possibly relevant would be changing "header add" to "header set", and define the whole header instead of appending an HSTS header to a response that might already include one. https://stackoverflow.com/questions/47050302/set-hsts-header-in-htaccess-if-already-isnt-present
re: mastoadmin
@churusaa apparently adding proxy_hide_header Strict-Transport-Security right before the add_header worked. ssllabs gave me treats now
thanks for the tip btw :3 β¨
and for helping in general. aaaaaaaAAAAA
re: mastoadmin
@trashyfins I'm glad you got that figured out.
re: mastoadmin
@churusaa it's on my very long todo list to inspect all of these to know what they do exactly xwx
when i don't have shitposts to boost and homework to write
re: mastoadmin
@churusaa oh that is right. I didn't think it was that literal with it.. idky.
I'm both mad and fine with this