Merge pull request #71 from oparoz/patch-1
authorAaron Zauner <azet@azet.org>
Sat, 1 Nov 2014 23:56:23 +0000 (00:56 +0100)
committerAaron Zauner <azet@azet.org>
Sat, 1 Nov 2014 23:56:23 +0000 (00:56 +0100)
Wrong verb for HSTS header

src/configuration/Webservers/Apache/default-ssl

index 0428e9f..91536f8 100644 (file)
        SSLHonorCipherOrder On
        SSLCompression off
        # Add six earth month HSTS header for all users...
-       Header add Strict-Transport-Security "max-age=15768000"
+       Header set Strict-Transport-Security "max-age=15768000"
        # If you want to protect all subdomains, use the following header
        # ALL subdomains HAVE TO support HTTPS if you use this!
        # Strict-Transport-Security: "max-age=15768000 ; includeSubDomains"