Skip to content

Stop setting Strict-Transport-Securty header from within the app

Why was this MR needed?

Setting HSTS header is potentially harmful operation that should be decided on per installation basis. With that in mind its best to set HSTS headers at edge i.e. in Nginx.

Does this MR meet the acceptance criteria?

Corresponding MR in Omnibus

omnibus-gitlab!1330 (merged)

What are the relevant issue numbers?

Related to #3440 (closed)

Merge request reports

Loading