Commit 8a0bfa499891a2c9453ef5b350ecc23397ec12be

Authored by Marin Jankovski
1 parent b512fbc0

Do not include subdomains in STS header.

Showing 1 changed file with 1 additions and 1 deletions
app/controllers/application_controller.rb
... ... @@ -162,7 +162,7 @@ class ApplicationController < ActionController::Base
162 162 headers['X-XSS-Protection'] = '1; mode=block'
163 163 headers['X-UA-Compatible'] = 'IE=edge'
164 164 headers['X-Content-Type-Options'] = 'nosniff'
165   - headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' if Gitlab.config.gitlab.https
  165 + headers['Strict-Transport-Security'] = 'max-age=31536000' if Gitlab.config.gitlab.https
166 166 end
167 167  
168 168 def add_gon_variables
... ...
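Review bot: New line 165 hard-codes 'max-age=31536000' with no comment or setting saying why includeSubDomains was dropped, and the commit message gives no reason either. Without that directive, browsers apply the HSTS policy only to the exact host that sent the header, so subdomains of that host can still be loaded over plain HTTP. For installations that serve every subdomain over HTTPS, this is a weaker policy than the one on old line 165. Suggest adding a one-line comment above the header that records the reason, and consider reading the directive from configuration alongside Gitlab.config.gitlab.https so operators whose subdomains are all HTTPS can opt back in.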