DBC22-1926: Add Strict Transport Security Header (#430)

bcgov · May 7, 2024 · 9e65a34 · 9e65a34
1 parent b085f82
commit 9e65a34
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/compose/frontend/default.conf b/compose/frontend/default.conf
@@ -60,6 +60,7 @@ server {
     server_name  localhost;
     root         /usr/share/nginx/html;
     access_log /logs/$hostname-$formatted_date-access.log drivebc;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 
     location / {
         index  index.html index.htm;
@@ -72,6 +73,7 @@ server {
         try_files $uri =404;
         expires    modified +1s;
         add_header Last-Modified "";
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
     }
 
     # Caching data from the API
@@ -89,6 +91,7 @@ server {
         proxy_cache_valid 200 1m;
         add_header X-Proxy-Cache $upstream_cache_status;
         proxy_cache_bypass $http_cachebypass;
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
     }
 
     location /django-media/ {
@@ -104,6 +107,7 @@ server {
         proxy_cache_valid 200 1d;
         add_header X-Proxy-Cache $upstream_cache_status;
         proxy_cache_bypass $http_cachebypass;
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
     }
 
     # redirect server error pages to the static page /50x.html