Commit 8a0bfa499891a2c9453ef5b350ecc23397ec12be

Authored by Marin Jankovski
1 parent b512fbc0

Do not include subdomains in STS header.

Showing 1 changed file with 1 additions and 1 deletions
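--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -162,7 +162,7 @@ class ApplicationController < ActionController::Base
 headers['X-XSS-Protection'] = '1; mode=block'
 headers['X-UA-Compatible'] = 'IE=edge'
 headers['X-Content-Type-Options'] = 'nosniff'
-headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' if Gitlab.config.gitlab.https
+headers['Strict-Transport-Security'] = 'max-age=31536000' if Gitlab.config.gitlab.https
 end
 
 def add_gon_variables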
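Review bot: The new `Strict-Transport-Security` value on line 165 drops `includeSubDomains` for every install and leaves no comment, so the reason for the narrower policy is lost to the next reader. With this value only the exact GitLab host is pinned to HTTPS; a first request to any subdomain can still go over plain HTTP, and a cookie scoped to the parent domain without the `Secure` flag would travel with it. If the motivation is that other services on subdomains do not serve HTTPS (an assumption, the commit message does not say), record it next to the line, e.g. `# includeSubDomains omitted: subdomains of the GitLab host may not serve HTTPS`, and consider making the directive a configuration setting instead of removing it outright. The enclosing method starts above the hunk, so how session cookies are scoped cannot be checked from here.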