HSTS Header is added on HTTP hosts - Incorrect implementation of RFC6797

StanvanHoorn commented 2 years ago

Checklist

Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
- Yes / No
Are you sure you're not using someone else's docker image?
- Yes / No
Have you searched for similar issues (both open and closed)?
- Yes / No

Describe the bug HSTS is added in the server block of the Nginx for both port 80 and 443 resulting in warnings in various online tooling including hstspreload.org. This probably is caused by the fact that the generated Nginx config combines the port 80 and 443 servers. See: #1 - Redirection host template; #2 - Listen config; #3 - HSTS config

Possible solution Make different server config blocks for port 80 and 443, and only include the HSTS config in the one for 443 if enabled.

Nginx Proxy Manager Version v2.9.18

StanvanHoorn commented 1 year ago

Any plans to fix this?

github-actions[bot] commented 9 months ago

Issue is now considered stale. If you want to keep it open, please comment :+1:

StanvanHoorn commented 9 months ago

As far as I know, this issue still persists

github-actions[bot] commented 4 days ago

Issue is now considered stale. If you want to keep it open, please comment :+1:

NginxProxyManager / nginx-proxy-manager

HSTS Header is added on HTTP hosts - Incorrect implementation of RFC6797 #2360