Do not include subtomains in STS header.
This commit is contained in:
parent
b512fbc0ec
commit
8a0bfa4998
1 changed files with 1 additions and 1 deletions
|
@ -162,7 +162,7 @@ class ApplicationController < ActionController::Base
|
||||||
headers['X-XSS-Protection'] = '1; mode=block'
|
headers['X-XSS-Protection'] = '1; mode=block'
|
||||||
headers['X-UA-Compatible'] = 'IE=edge'
|
headers['X-UA-Compatible'] = 'IE=edge'
|
||||||
headers['X-Content-Type-Options'] = 'nosniff'
|
headers['X-Content-Type-Options'] = 'nosniff'
|
||||||
headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' if Gitlab.config.gitlab.https
|
headers['Strict-Transport-Security'] = 'max-age=31536000' if Gitlab.config.gitlab.https
|
||||||
end
|
end
|
||||||
|
|
||||||
def add_gon_variables
|
def add_gon_variables
|
||||||
|
|
Loading…
Reference in a new issue