Merge pull request #14714 from Security-Onion-Solutions/jertel/wip

enable STS for browser redirects
2025-12-06 09:12:45 +01:00 · 2025-06-05 18:48:46 -04:00
parent 43e994f2c2 643afeeae7
commit aca54b4645
1 changed files with 2 additions and 0 deletions
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -383,6 +383,7 @@ http {
 			}
 			if ($request_uri ~* ^/(?!(^/api/.*))) {
 				add_header    Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
+				add_header    Strict-Transport-Security   "max-age=31536000; includeSubDomains";
 			}
 			return        302 /auth/self-service/login/browser;
 		}
@@ -392,6 +393,7 @@ http {
 				return	  403;
 			}
 			add_header    Set-Cookie "ory_kratos_session=;Path=/;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;";
+			add_header    Strict-Transport-Security   "max-age=31536000; includeSubDomains";
 			return        302 /auth/self-service/login/browser;
 		}