Move HSTS header to Nginx?
Related to gitlab-com/support-forum#408
We currently set the Strict Transport header in the application controller. SSL is terminated at Nginx so I wonder if Nginx isn't the best option for adding this header. Also, as the user in the above issue notes, as it is now this only has effect for GitLab rails server itself. This does not affect Mattermost and other virtual hosts configured in Nginx.
If discussion here reveals that we should move the header we need to:
- Create an issue in Omnibus
- Add documentation in the manual update guide
- Remove the header from GitLab