1
0
mirror of https://github.com/thib8956/nginx-proxy synced 2024-11-24 21:06:31 +00:00

Fixed #1080, can't disable HSTS with noredirect

This commit is contained in:
Steve Kamerman 2018-03-26 13:27:30 -04:00
parent a285717657
commit 936e57a6de
No known key found for this signature in database
GPG Key ID: D39F3EEFC1837DF1
3 changed files with 19 additions and 2 deletions

View File

@ -19,7 +19,7 @@
server 127.0.0.1 down; server 127.0.0.1 down;
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ end }} {{ end }}
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the # If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
@ -262,7 +262,7 @@ server {
ssl_trusted_certificate {{ printf "/etc/nginx/certs/%s.chain.pem" $cert }}; ssl_trusted_certificate {{ printf "/etc/nginx/certs/%s.chain.pem" $cert }};
{{ end }} {{ end }}
{{ if (and (ne $https_method "noredirect") (ne $hsts "off")) }} {{ if (not (or (eq $https_method "noredirect") (eq $hsts "off"))) }}
add_header Strict-Transport-Security "{{ trim $hsts }}" always; add_header Strict-Transport-Security "{{ trim $hsts }}" always;
{{ end }} {{ end }}

View File

@ -24,3 +24,10 @@ def test_web3_HSTS_custom(docker_compose, nginxproxy):
assert "answer from port 81\n" in r.text assert "answer from port 81\n" in r.text
assert "Strict-Transport-Security" in r.headers assert "Strict-Transport-Security" in r.headers
assert "max-age=86400; includeSubDomains; preload" == r.headers["Strict-Transport-Security"] assert "max-age=86400; includeSubDomains; preload" == r.headers["Strict-Transport-Security"]
# Regression test for issue 1080
# https://github.com/jwilder/nginx-proxy/issues/1080
def test_web4_HSTS_off_noredirect(docker_compose, nginxproxy):
r = nginxproxy.get("https://web4.nginx-proxy.tld/port", allow_redirects=False)
assert "answer from port 81\n" in r.text
assert "Strict-Transport-Security" not in r.headers

View File

@ -24,6 +24,16 @@ web3:
VIRTUAL_HOST: "web3.nginx-proxy.tld" VIRTUAL_HOST: "web3.nginx-proxy.tld"
HSTS: "max-age=86400; includeSubDomains; preload" HSTS: "max-age=86400; includeSubDomains; preload"
web4:
image: web
expose:
- "81"
environment:
WEB_PORTS: "81"
VIRTUAL_HOST: "web4.nginx-proxy.tld"
HSTS: "off"
HTTPS_METHOD: "noredirect"
sut: sut:
image: jwilder/nginx-proxy:test image: jwilder/nginx-proxy:test
volumes: volumes: