Stop setting Strict-Transport-Securty header from within the app (!9341) · Merge requests · GitLab.org / GitLab FOSS

username-removed-676946 requested to merge pchojnacki/gitlab-ce:3440-remove-hsts-header-from-rails-app into master Feb 17, 2017

Why was this MR needed?

Setting HSTS header is potentially harmful operation that should be decided on per installation basis. With that in mind its best to set HSTS headers at edge i.e. in Nginx.

Does this MR meet the acceptance criteria?

Changelog entry added
Documentation created/updated
Conform by the merge request performance guides
Conform by the style guides
Branch has no merge conflicts with master (if it does - rebase it please)
Squashed related commits together

Corresponding MR in Omnibus

omnibus-gitlab!1330 (merged)

What are the relevant issue numbers?

Related to #3440 (closed)

Admin message

Admin message

Stop setting Strict-Transport-Securty header from within the app

Why was this MR needed?

Does this MR meet the acceptance criteria?

Corresponding MR in Omnibus

What are the relevant issue numbers?

Merge request reports