From 8a0bfa499891a2c9453ef5b350ecc23397ec12be Mon Sep 17 00:00:00 2001
From: Marin Jankovski
Date: Fri, 3 Jan 2014 16:02:57 +0100
Subject: [PATCH] Do not include subtomains in STS header.

---
 app/controllers/application_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index cf14cd9a1df..b6501eacea3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -162,7 +162,7 @@ class ApplicationController < ActionController::Base
 headers['X-XSS-Protection'] = '1; mode=block'
 headers['X-UA-Compatible'] = 'IE=edge'
 headers['X-Content-Type-Options'] = 'nosniff'
- headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' if Gitlab.config.gitlab.https
+ headers['Strict-Transport-Security'] = 'max-age=31536000' if Gitlab.config.gitlab.https
 end

 def add_gon_variables
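Review bot: The added `Strict-Transport-Security` line drops `includeSubDomains` without a comment saying why, which narrows HSTS to the exact host serving GitLab. Presumably this keeps sibling hosts under the same parent domain reachable when they do not serve HTTPS, but it also means a cookie scoped to the parent domain can still be sent over plain HTTP to a subdomain, so session cookies should be host-only and flagged `Secure`. I would record the reason next to the header, e.g. `# includeSubDomains left out on purpose: other hosts under this domain may be HTTP-only`, or make the directive opt-in through configuration for installs that own the whole domain. The enclosing method starts above the hunk, so I cannot see whether an existing comment already covers these headers.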