jstoja
commented
7 years ago This will be easy to fix when #5 will be solved.
Closed pushcx closed 1 year ago
jstoja
commented
7 years ago This will be easy to fix when #5 will be solved.
jstoja
commented
3 years ago Hey Peter,
I see that HSTS has been added to the nginx configuration, but it hasn't been enabled yet (it's commented): https://github.com/lobsters/lobsters-ansible/blob/master/roles/nginx/files/test/nginx/sites-available/lobste.rs#L84
If it hasn't been working properly, would you have more details?
Best, Julien
pushcx
commented
1 year ago Done earlier today with commits to this and the lobsters repo.
Lobste.rs is preloaded into Chrome's list of sites that are HTTPS-only, but the headers to maintain this seem to have gone missing in the move. This is almost certainly a tweak to the nginx.conf.
More info: https://hstspreload.org/?domain=lobste.rs