add HSTS Policy warning

Add warning about HSTS header as it means user will need to provide secure connection access to site for next 24 months from page view. See https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security for more details.
author: Ben Bodenmiller <bbodenmiller@hotmail.com> 2014-09-01 15:47:15 -0700
committer: Ben Bodenmiller <bbodenmiller@hotmail.com> 2014-09-01 15:47:15 -0700
commit: 765eabeacccbc199bb2a762dffdb7abde6adb246 (patch)
tree: 46358a58bed7ad4d0165c2c1ad1d37a32fd4144e /lib/support/nginx
parent: 4102eb3b85a1a9d43bebe116066719e6b0872566 (diff)
download: gitlab-ce-765eabeacccbc199bb2a762dffdb7abde6adb246.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl
index 9ab228b46d7..9125a813888 100644
--- a/lib/support/nginx/gitlab-ssl
+++ b/lib/support/nginx/gitlab-ssl
@@ -83,6 +83,8 @@ server {
 
   ssl_prefer_server_ciphers   on;
 
+  ## [WARNING] The following header states that the browser should only communicate 
+  ## with your server over a secure connection for the next 24 months.
   add_header Strict-Transport-Security max-age=63072000;
   add_header X-Frame-Options SAMEORIGIN;
   add_header X-Content-Type-Options nosniff;
author	Ben Bodenmiller <bbodenmiller@hotmail.com>	2014-09-01 15:47:15 -0700
committer	Ben Bodenmiller <bbodenmiller@hotmail.com>	2014-09-01 15:47:15 -0700
commit	765eabeacccbc199bb2a762dffdb7abde6adb246 (patch)
tree	46358a58bed7ad4d0165c2c1ad1d37a32fd4144e /lib/support/nginx
parent	4102eb3b85a1a9d43bebe116066719e6b0872566 (diff)
download	gitlab-ce-765eabeacccbc199bb2a762dffdb7abde6adb246.tar.gz