mirror of
https://github.com/thib8956/nginx-proxy
synced 2024-12-26 04:26:31 +00:00
Merge pull request #1111 from kamermans/bugfix/cant-disable-hsts-noredirect
Fixed #1080, can't disable HSTS with noredirect
This commit is contained in:
commit
7dd97d4bc3
@ -19,7 +19,7 @@
|
||||
server 127.0.0.1 down;
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
||||
|
||||
{{ end }}
|
||||
|
||||
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
|
||||
@ -262,7 +262,7 @@ server {
|
||||
ssl_trusted_certificate {{ printf "/etc/nginx/certs/%s.chain.pem" $cert }};
|
||||
{{ end }}
|
||||
|
||||
{{ if (and (ne $https_method "noredirect") (ne $hsts "off")) }}
|
||||
{{ if (not (or (eq $https_method "noredirect") (eq $hsts "off"))) }}
|
||||
add_header Strict-Transport-Security "{{ trim $hsts }}" always;
|
||||
{{ end }}
|
||||
|
||||
|
@ -24,3 +24,10 @@ def test_web3_HSTS_custom(docker_compose, nginxproxy):
|
||||
assert "answer from port 81\n" in r.text
|
||||
assert "Strict-Transport-Security" in r.headers
|
||||
assert "max-age=86400; includeSubDomains; preload" == r.headers["Strict-Transport-Security"]
|
||||
|
||||
# Regression test for issue 1080
|
||||
# https://github.com/jwilder/nginx-proxy/issues/1080
|
||||
def test_web4_HSTS_off_noredirect(docker_compose, nginxproxy):
|
||||
r = nginxproxy.get("https://web4.nginx-proxy.tld/port", allow_redirects=False)
|
||||
assert "answer from port 81\n" in r.text
|
||||
assert "Strict-Transport-Security" not in r.headers
|
||||
|
@ -24,6 +24,16 @@ web3:
|
||||
VIRTUAL_HOST: "web3.nginx-proxy.tld"
|
||||
HSTS: "max-age=86400; includeSubDomains; preload"
|
||||
|
||||
web4:
|
||||
image: web
|
||||
expose:
|
||||
- "81"
|
||||
environment:
|
||||
WEB_PORTS: "81"
|
||||
VIRTUAL_HOST: "web4.nginx-proxy.tld"
|
||||
HSTS: "off"
|
||||
HTTPS_METHOD: "noredirect"
|
||||
|
||||
sut:
|
||||
image: jwilder/nginx-proxy:test
|
||||
volumes:
|
||||
|
Loading…
Reference in New Issue
Block a user