diff --git a/roles/fedora-web/getfedora/files/getfedora.org.conf b/roles/fedora-web/getfedora/files/getfedora.org.conf index 9180635cbc..7fc238f794 100644 --- a/roles/fedora-web/getfedora/files/getfedora.org.conf +++ b/roles/fedora-web/getfedora/files/getfedora.org.conf @@ -3,8 +3,6 @@ Alias /favicon.ico /srv/web/fedoraproject.org/static/images/favicon.ico AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript -Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" - FileETag MTime Size ExpiresActive On diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.bodhi.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.bodhi.conf index 4cfa0a35d5..bbb254330d 100644 --- a/roles/httpd/reverseproxy/templates/reversepassproxy.bodhi.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.bodhi.conf @@ -4,5 +4,3 @@ Header unset Set-Cookie ProxyPass {{localpath}} {{proxyurl}}{{remotepath}} ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}} - -Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.elections.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.elections.conf index d9c3efc5e7..b1c1a3a2d5 100644 --- a/roles/httpd/reverseproxy/templates/reversepassproxy.elections.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.elections.conf @@ -8,5 +8,3 @@ Header unset Set-Cookie ProxyPass {{localpath}} {{proxyurl}}{{remotepath}} ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}} - -Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.fas.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.fas.conf index 7048e74879..beb69201b5 100644 --- a/roles/httpd/reverseproxy/templates/reversepassproxy.fas.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.fas.conf @@ -10,5 +10,3 @@ ProxyPassReverse /accounts/user/dogencert http://fas1/ ProxyPass {{localpath}} {{proxyurl}}{{remotepath}} ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}} - -Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf index c94b9f77dd..ec258f884c 100644 --- a/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf @@ -26,8 +26,6 @@ RewriteRule ^([a-z0-9-]+)\.id\.fedoraproject\.org/.* {{proxyurl}}/openid/id/$1/ RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L] -Header always add Strict-Transport-Security "max-age=15768000; preload" - RewriteRule ^(.+) - [PT] diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.pkgdb.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.pkgdb.conf index b89e28384d..c1cf163030 100644 --- a/roles/httpd/reverseproxy/templates/reversepassproxy.pkgdb.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.pkgdb.conf @@ -37,5 +37,3 @@ Header unset Set-Cookie ProxyPass {{localpath}} {{proxyurl}}{{remotepath}} ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}} - -Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" diff --git a/roles/httpd/website/templates/website.conf b/roles/httpd/website/templates/website.conf index f70b434834..abdc8dc2fe 100644 --- a/roles/httpd/website/templates/website.conf +++ b/roles/httpd/website/templates/website.conf @@ -14,6 +14,7 @@ RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] + Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" {% else %} Include "conf.d/{{ name }}/*.conf" {% endif %}