docs: remove the Strict-Transport-Security header from web server configurations

2024-11-08 17:24:30 +01:00 · 2024-11-08 17:24:30 +01:00 · d08cc6a168
commit d08cc6a168
parent 5698071d47
2 changed files with 0 additions and 2 deletions
--- a/docs/deployment/pm2-nginx.md
+++ b/docs/deployment/pm2-nginx.md
@ -48,7 +48,6 @@ server {
    listen 80;
    server_name _;

-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    add_header x-content-type-options "nosniff";
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo='; style-src 'self' 'unsafe-inline'; frame-src 'self' data:";
    add_header Referrer-Policy "strict-origin-when-cross-origin";
--- a/docs/deployment/svrjs.md
+++ b/docs/deployment/svrjs.md
@ -21,7 +21,6 @@ Open the `/etc/svrjs-config.json` file in your preferred text editor, and alter
 ```json
 {
  "customHeaders": {
-    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "x-content-type-options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo='; style-src 'self' 'unsafe-inline'; frame-src 'self' data:",
    "Referrer-Policy": "strict-origin-when-cross-origin",