Welcome! Log In Create A New Profile

Advanced

Re: Receiving 2 strict-transport-security headers with different times

Previous Message Next Message
Forum List Message List New Topic Print View
dewanggaba
February 07, 2015 11:08PM
I've got same experience with Laravel framework. They have another
configuration to set header like that.

What web apps framework do you use?

On Sunday, February 8, 2015, deltaxfx <nginx-forum@nginx.us> wrote:

> I have a domain setup with SSL and I am trying to get HSTS headers working.
> I have done this in NGINX before with no problem. On this new domain I
> can't
> seem to get HSTS working properly. Not sure what I am doing wrong.
> I have the following in the server block for the SSL server:
> add_header Strict-Transport-Security "max-age=31536000;";
>
> When I run "curl -s -D- https://my.domain.net/ | grep Strict"
> I receive the following:
> Strict-Transport-Security: max-age=0
> Strict-Transport-Security: max-age=31536000;
>
> From all the reading I've done trying to figure this out, my impression is
> that with the add_header in the server directive, that will override any
> previous declaration (there are none). Is that correct?
> I grep'ed my entire /etc directory and there is only one instance of
> "max-age" and that is in my ssl server config, with one year (31536000
> seconds). So no where on this system, which was just built, and only
> accessed by me, is there any reference to HSTS with max-age=0. There is
> only
> one config in sites-enabled, and that is for my.domain.net. There is a
> port
> 80 config with a return 301 statement to permanently redirect to the SSL
> server config.
>
> My nginx version is 1.6.2, on Ubuntu 14.04 LTS.
> I have been unable to find any help on the web for where the invalid
> (max-age=0) could be coming from. When testing on ssllabs they report the
> max-age=0 header. When running the curl statement above on my local network
> I show the above output.
>
> I'm not sure where to go from here trying to figure this out. There is
> nothing in the NGINX error log, I wouldn't expect anything as NGINX
> restarts
> with no issues.
>
> Thanks for reading!
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,256508,256508#msg-256508
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org <javascript:;>
> http://mailman.nginx.org/mailman/listinfo/nginx
>


--
Sent from iDewangga Device
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Receiving 2 strict-transport-security headers with different times

deltaxfx February 07, 2015 08:08PM

Re: Receiving 2 strict-transport-security headers with different times

dewanggaba February 07, 2015 11:08PM

Re: Receiving 2 strict-transport-security headers with different times

deltaxfx February 07, 2015 11:32PM

Re: [Solved] Receiving 2 strict-transport-security headers with different times

deltaxfx February 07, 2015 11:42PM

Re: Receiving 2 strict-transport-security headers with different times

NitrouZ February 07, 2015 11:44PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 301
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready