Possible issue with drupal secure pages module and strict transport security header

Created on 8 January 2013, almost 12 years ago
Updated 26 November 2024, 27 days ago

I'm not 100% sure about this, but I believe the following in my nginx config is creating an issue:

add_header Strict-Transport-Security "max-age=7200";

It creates a circular loop between non-secure and secure designated pages. This only happens with Chrome. For those who don't know, HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTP connections. (http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)

Anybody have a similar experience?

πŸ’¬ Support request
Status

Closed: outdated

Component

Miscellaneous

Created by

πŸ‡ΊπŸ‡ΈUnited States moehac

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • πŸ‡ΊπŸ‡¦Ukraine AstonVictor

    I'm closing it because the issue was created a long time ago without any further steps.

    if you still need it then raise a new one.
    thanks

Production build 0.71.5 2024