From d08cc6a16870e55bd2df3161596a0601539eb8e8 Mon Sep 17 00:00:00 2001
From: Dorian Niemiec <dorian.niemiec@svrjs.org>
Date: Fri, 8 Nov 2024 17:24:30 +0100
Subject: [PATCH] docs: remove the Strict-Transport-Security header from web
 server configurations

---
 docs/deployment/pm2-nginx.md | 1 -
 docs/deployment/svrjs.md     | 1 -
 2 files changed, 2 deletions(-)

diff --git a/docs/deployment/pm2-nginx.md b/docs/deployment/pm2-nginx.md
index 86bd1cf..bf2131e 100644
--- a/docs/deployment/pm2-nginx.md
+++ b/docs/deployment/pm2-nginx.md
@@ -48,7 +48,6 @@ server {
     listen 80;
     server_name _;
 
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
     add_header x-content-type-options "nosniff";
     add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo='; style-src 'self' 'unsafe-inline'; frame-src 'self' data:";
     add_header Referrer-Policy "strict-origin-when-cross-origin";
diff --git a/docs/deployment/svrjs.md b/docs/deployment/svrjs.md
index 571bba3..2b358cf 100644
--- a/docs/deployment/svrjs.md
+++ b/docs/deployment/svrjs.md
@@ -21,7 +21,6 @@ Open the `/etc/svrjs-config.json` file in your preferred text editor, and alter
 ```json
 {
   "customHeaders": {
-    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
     "x-content-type-options": "nosniff",
     "Content-Security-Policy": "default-src 'self'; script-src 'self' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc=' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo='; style-src 'self' 'unsafe-inline'; frame-src 'self' data:",
     "Referrer-Policy": "strict-origin-when-cross-origin",