Skip to content
Snippets Groups Projects

Only enable HSTS header for HTTPS and port 443

Merged Only enable HSTS header for HTTPS and port 443
stanhu/gitlab-ce:hsts-check-port-443 into master
Merged Stan Hu requested to merge stanhu/gitlab-ce:hsts-check-port-443 into master

What does this MR do?

This MR adds a check that the port used is 443, in addition to HTTPS being enabled, when activating the HSTS header.

Why was this MR needed?

If a user is using a non-standard port for SSL, enabling this header would send clients to port 443 when that port is invalid.

What are the relevant issue numbers?

Closes https://github.com/gitlabhq/gitlabhq/issues/9449

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
Please register or sign in to reply