Frank's patch outputs this header. It does not generate the
includeSubDomains|| and/or preload directives.
http.c: BIO_printf(cl, "Strict-Transport-Security: max-age=%d\r\n",
svc->sts);
On 1/7/20 3:13 PM, Fathi Ben Nasr wrote:
Hi,
What is the resulting header when you add StrictTransportSecurity
<SECONDS> to the config file ? Does it generate the
includeSubDomains|| and/or preload directives ?
TIA
Fathi B.N.
Le 31/12/2019 à 19:51, Rick O'Sullivan a écrit :
I've merged Frank's HSTS patch to add the StrictTransportSecurity
directive into my fork at https://github.com/patrodyne/pound
On 12/30/19 3:13 AM, Frank Schmirler wrote:
Am Donnerstag, 26. Dezember 2019 14:57 CET,hy...@lactose.homelinux.net schrieb:
Does Pound support HSTS ?
Does Pound support adding headers to the outgong web response?
I see the "AddHeader" option which apparently adds headers to the
incoming request (to the back-end server), but I don't see any options
that let me add headers to the outgoing response (back to the client).
I've attached the HSTS patch I posted years ago (updated to pound 2.8). With
the patch you can add the following directive to your config at service level:
StrictTransportSecurity <SECONDS>
Best regards,
Frank
--
pound mailing list
pound@apsis.ch
https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch