From 765eabeacccbc199bb2a762dffdb7abde6adb246 Mon Sep 17 00:00:00 2001
From: Ben Bodenmiller <bbodenmiller@hotmail.com>
Date: Mon, 1 Sep 2014 15:47:15 -0700
Subject: add HSTS Policy warning

Add warning about HSTS header as it means user will need to provide secure connection access to site for next 24 months from page view. See https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security for more details.
---
 lib/support/nginx/gitlab-ssl | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'lib/support/nginx')

diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl
index 9ab228b46d7..9125a813888 100644
--- a/lib/support/nginx/gitlab-ssl
+++ b/lib/support/nginx/gitlab-ssl
@@ -83,6 +83,8 @@ server {
 
   ssl_prefer_server_ciphers   on;
 
+  ## [WARNING] The following header states that the browser should only communicate 
+  ## with your server over a secure connection for the next 24 months.
   add_header Strict-Transport-Security max-age=63072000;
   add_header X-Frame-Options SAMEORIGIN;
   add_header X-Content-Type-Options nosniff;
-- 
cgit v1.2.1