web: Add ENABLE_HSTS flag to disable strict-transport-security header

2020-12-17 20:32:54 +12:00
parent f8560371f5
commit 0b2514101c
3 changed files with 8 additions and 0 deletions
--- a/env.example
+++ b/env.example
@@ -364,6 +364,11 @@ JIBRI_LOGS_DIR=/config/logs
 # Necessary for Let's Encrypt, relies on standard HTTPS port (443)
 #ENABLE_HTTP_REDIRECT=1

+# Send a `strict-transport-security` header to force browsers to use
+# a secure and trusted connection. Recommended for production use.
+# Defaults to 1 (send the header).
+# ENABLE_HSTS=1
+
 # Enable IPv6
 # Provides means to disable IPv6 in environments that don't support it (get with the times, people!)
 #ENABLE_IPV6=1