add HSTS Policy warning

Add warning about HSTS header as it means user will need to provide secure connection access to site for next 24 months from page view. See https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security for more details.

add HSTS Policy warning
Add warning about HSTS header as it means user will need to provide secure connection access to site for next 24 months from page view. See https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security for more details.
765eabea · Ben Bodenmiller · 4102eb3b · 765eabea
Commit 765eabea authored Sep 01, 2014 by Ben Bodenmiller
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

lib/support/nginx/gitlab-ssl lib/support/nginx/gitlab-ssl +2 -0

No files found.
--- a/lib/support/nginx/gitlab-ssl
+++ b/lib/support/nginx/gitlab-ssl
@@ -83,6 +83,8 @@ server {

  ssl_prefer_server_ciphers   on;

+  ## [WARNING] The following header states that the browser should only communicate 
+  ## with your server over a secure connection for the next 24 months.
  add_header Strict-Transport-Security max-age=63072000;
  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;