[Bug] The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds warning

linuxserver / docker-nextcloud

GNU General Public License v3.0

678 stars 128 forks source link

[Bug] The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds warning #350

Closed k-matti closed 10 months ago

k-matti commented 10 months ago

Is there an existing issue for this?

[X] I have searched the existing issues

Current Behavior

The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗

Expected Behavior

No warning

Steps To Reproduce

Go to admin dashhoard

Environment

- OS: Linux
- How docker service was installed:

CPU architecture

x86-64

Docker creation

Docker compose

Container logs

n/a

Roxedus commented 10 months ago

You can enable this yourself, as it is commented out by default in /config/nginx/ssl.conf. It does not come activated by default, because of the implications it gives in circumstances where HSTS is not wanted.