    HSTS Preload

    • alex-adestech (last edited by girish)

      It would be nice to have a way to modify the default nginx headers of WordPress Apps.

      By default, WordPress Apps in Cloudron have the header "strict-transport-security: max-age=63072000". You can find a screenshot below and the reference in here: https://git.cloudron.io/cloudron/box/-/blob/master/src/nginxconfig.ejs#L98

      This feature request would be useful in several ways; one of them is because there are simple requirements to submit a domain to the HSTS Preload List. The requirements are adding the "strict-transport-security" header with:

      • The max-age must be at least 31536000 seconds (1 year).
      • The includeSubDomains directive must be specified.
      • The preload directive must be specified.

      Using a WordPress plugin I added the required header, but then I would have 2 "strict-transport-security" headers that would result in an "ineligibility" status by submitting the HSTS Preload form.

      Please comment if you think I missed something or want to add something to this request. Thanks for reading!

      This is a screenshot of our website's headers using Chrome Tools:
      Screen Shot 2022-06-22 at 11.49.26.png

      • girish (Staff)

        The requirements are here https://hstspreload.org/ .

        I think instead of making something generic, we can possibly just add a checkbox, say "Enable HSTS Preload" or something.

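A check for the three requirements listed in the first post, including the duplicate-header case it describes, is shown below as an added example; it is not code from Cloudron or from either poster. The function names and the sample responses are assumptions constructed for illustration.

```python
MIN_MAX_AGE = 31536000  # 1 year, the minimum quoted in the first post


def parse_hsts(value):
    """Split one Strict-Transport-Security value into {directive: argument or None}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def preload_problems(headers):
    """Return the reasons a response fails the three listed requirements.

    headers: list of (name, value) tuples as received, duplicates preserved.
    """
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return ["no strict-transport-security header"]
    problems = []
    if len(values) > 1:
        problems.append(f"{len(values)} strict-transport-security headers, expected 1")
    # RFC 6797 section 8.1: a client processes only the first header field.
    d = parse_hsts(values[0])
    max_age = d.get("max-age")
    if max_age is None or not max_age.isdecimal():
        problems.append("max-age missing or not an integer")
    elif int(max_age) < MIN_MAX_AGE:
        problems.append(f"max-age {max_age} is below {MIN_MAX_AGE}")
    if "includesubdomains" not in d:
        problems.append("includeSubDomains missing")
    if "preload" not in d:
        problems.append("preload missing")
    return problems


# Constructed sample responses (not captured from a real site).
PLATFORM_ONLY = [("strict-transport-security", "max-age=63072000")]
PLATFORM_PLUS_PLUGIN = PLATFORM_ONLY + [
    ("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload")]
SINGLE_PRELOAD = [PLATFORM_PLUS_PLUGIN[1]]

if __name__ == "__main__":
    for label, hdrs in [("platform only", PLATFORM_ONLY),
                        ("platform + plugin", PLATFORM_PLUS_PLUGIN),
                        ("single preload header", SINGLE_PRELOAD)]:
        print(f"{label}: {preload_problems(hdrs) or 'meets the listed requirements'}")
```

To run it against a live response, pass a header list that preserves duplicates, such as the one returned by `http.client.HTTPResponse.getheaders()`.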