Open d3netxer opened 5 years ago
This can be done by adding these header directives in the top-level server block:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Access-Control-Allow-Origin "*";
Important note: There’s one important exception: if a block includes an add_header directive itself, it does not inherit headers from enclosing blocks, and you need to redeclare all add_header directives.
Same thing, I can test for this fix on the dev server.
I'm moving this to a 1st priority for milestone 2. This is a requirement for our websites, and they are scanning for this now.
Create a redirect on HTTP://secondarycities.geonode.state.gov to HTTPS://secondarycities.geonode.state.gov
- Must be a 301 or 302 header redirect
- Enable HSTS with max-age=31536000
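
The add_header inheritance exception noted in the first comment is a common reason a server-level HSTS header goes missing on some paths. As an added example (not part of this thread or the project's code), the Python check below parses an nginx config and reports every block whose own add_header silently drops headers from the enclosing level. The function name, the sample config and the simplified tokenizer (no include handling, no '#' inside quoted values) are assumptions.

```python
import re

# Constructed sample (not the site's real config): /api/ declares its own add_header.
SAMPLE_CONF = '''
server {
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Access-Control-Allow-Origin "*";
    location /static/ { expires 30d; }
    location /api/ { add_header Cache-Control "no-store"; }
    location /ok/ {
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header Access-Control-Allow-Origin "*";
        add_header X-Frame-Options "DENY";
    }
}
'''
# Quoted strings stay one token, so a ';' inside a header value does not end a directive.
TOKEN = re.compile(r'''"[^"]*"|'[^']*'|[{};]|[^\s{};"']+''')

def find_dropped_headers(conf):
    """Return {block name: header names lost because the block has its own add_header}."""
    conf = re.sub(r'#.*', '', conf)  # strip comments
    blocks = [{"name": "main", "parent": None, "own": set()}]
    cur, words = 0, []
    for tok in TOKEN.findall(conf):
        if tok == ';':
            if len(words) >= 2 and words[0] == 'add_header':
                blocks[cur]["own"].add(words[1].strip('"\'').lower())
            words = []
        elif tok == '{':
            blocks.append({"name": ' '.join(words), "parent": cur, "own": set()})
            cur, words = len(blocks) - 1, []
        elif tok == '}':
            cur, words = blocks[cur]["parent"] or 0, []
        else:
            words.append(tok)

    def effective(i):
        # A level uses its own add_header set if it has one, else the enclosing level's.
        b = blocks[i]
        if b["own"] or b["parent"] is None:
            return b["own"]
        return effective(b["parent"])

    findings = {}
    for b in blocks[1:]:
        lost = effective(b["parent"]) - b["own"]
        if b["own"] and lost:
            findings[b["name"]] = sorted(lost)
    return findings
```

Running it on SAMPLE_CONF flags only `location /api/`, which is the block that needs the HSTS and CORS headers redeclared.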