Caddy incorrect syntax for hsts header

mozilla / ssl-config-generator

Mozilla SSL Configuration Generator

https://ssl-config.mozilla.org/

Mozilla Public License 2.0

360 stars 59 forks source link

Caddy incorrect syntax for hsts header #170

Closed demifiend9 closed 7 months ago

demifiend9 commented 2 years ago

Caddy uses exact path matchers.

header / Strict-Transport-Security "max-age=63072000" would only match example.com/ and will not send header in any other url like example.com/path/

Removing / from the syntax or using * will enable the header to be sent on all urls:

header Strict-Transport-Security "max-age=63072000" or header * Strict-Transport-Security "max-age=63072000", both are same.

janbrasna commented 2 years ago

Will land via #153

gene1wood commented 7 months ago

Fixed in #153

gene1wood commented 7 months ago

@demifiend9 Thanks for reporting this!