From cd94db9c03a23248e850ce8f6e4f115b14e38138 Mon Sep 17 00:00:00 2001 From: Leopere Date: Tue, 15 Apr 2025 16:33:47 -0400 Subject: [PATCH] temporarily disable HSTS to resolve certificate provisioning issues --- docker/resume/Caddyfile | 2 +- tests/server.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/resume/Caddyfile b/docker/resume/Caddyfile index ee461d4..957e32c 100644 --- a/docker/resume/Caddyfile +++ b/docker/resume/Caddyfile @@ -10,7 +10,7 @@ -X-Powered-By # HSTS - Strict-Transport-Security "max-age=31536000; includeSubDomains" + # Strict-Transport-Security "max-age=31536000; includeSubDomains" # Basic security headers X-Frame-Options "DENY" diff --git a/tests/server.js b/tests/server.js index 6214c5b..c727bcb 100644 --- a/tests/server.js +++ b/tests/server.js @@ -32,7 +32,7 @@ app.use((req, res, next) => { res.setHeader('X-XSS-Protection', '1; mode=block'); res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin'); res.setHeader('Permissions-Policy', 'geolocation=(), microphone=(), camera=()'); - res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'); + // res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'); next(); });