update

2026-06-09 14:41:15 +08:00 · 2026-06-09 14:41:15 +08:00 · a624163120
commit a624163120
parent c50569d73e
27 changed files with 215 additions and 6 deletions
--- a/ssl/hsts.conf
+++ b/ssl/hsts.conf
@ -1,5 +1,7 @@
 set $hsts_header_value "";

+# Only emit HSTS on HTTPS responses. This lets a single server block listen on
+# both 80 and 443 without sending a meaningless STS header over plain HTTP.
 if ($scheme = "https") {
 	set $hsts_header_value "max-age=31536000; includeSubDomains";
 }