Commit 8a0bfa49 authored by Marin Jankovski's avatar Marin Jankovski

Do not include subtomains in STS header.

parent b512fbc0
...@@ -162,7 +162,7 @@ class ApplicationController < ActionController::Base ...@@ -162,7 +162,7 @@ class ApplicationController < ActionController::Base
headers['X-XSS-Protection'] = '1; mode=block' headers['X-XSS-Protection'] = '1; mode=block'
headers['X-UA-Compatible'] = 'IE=edge' headers['X-UA-Compatible'] = 'IE=edge'
headers['X-Content-Type-Options'] = 'nosniff' headers['X-Content-Type-Options'] = 'nosniff'
headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' if Gitlab.config.gitlab.https headers['Strict-Transport-Security'] = 'max-age=31536000' if Gitlab.config.gitlab.https
end end
def add_gon_variables def add_gon_variables
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment