DevFW-CICD/ingress-nginx-helm
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Increase HSTS max-age to default to one year (#10564)

Browse source
This commit is contained in:
Michael Dreher 2023-10-27 12:50:37 +02:00 committed by GitHub
parent 7e7001d2a0
commit 8c3aeaae4a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/user-guide/nginx-configuration/configmap.md
View file

@ -62,7 +62,7 @@ The following table shows a configuration option's name, type, and the default v
|[http2-max-concurrent-streams](#http2-max-concurrent-streams)|int|128|| |[http2-max-concurrent-streams](#http2-max-concurrent-streams)|int|128||
|[hsts](#hsts)|bool|"true"|| |[hsts](#hsts)|bool|"true"||
|[hsts-include-subdomains](#hsts-include-subdomains)|bool|"true"|| |[hsts-include-subdomains](#hsts-include-subdomains)|bool|"true"||
|[hsts-max-age](#hsts-max-age)|string|"15724800"|| |[hsts-max-age](#hsts-max-age)|string|"31536000"||
|[hsts-preload](#hsts-preload)|bool|"false"|| |[hsts-preload](#hsts-preload)|bool|"false"||
|[keep-alive](#keep-alive)|int|75|| |[keep-alive](#keep-alive)|int|75||
|[keep-alive-requests](#keep-alive-requests)|int|1000|| |[keep-alive-requests](#keep-alive-requests)|int|1000||

2
internal/ingress/controller/config/config.go
View file

@ -46,7 +46,7 @@ const (
// that tell browsers that it should only be communicated with using HTTPS, instead of using HTTP. // that tell browsers that it should only be communicated with using HTTPS, instead of using HTTP.
// https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security // https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
// max-age is the time, in seconds, that the browser should remember that this site is only to be accessed using HTTPS. // max-age is the time, in seconds, that the browser should remember that this site is only to be accessed using HTTPS.
hstsMaxAge = "15724800" hstsMaxAge = "31536000"
gzipTypes = "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component" gzipTypes = "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"

2
test/data/cleanConf.expected.conf
View file

@ -47,7 +47,7 @@ http {
listen_ports = { ssl_proxy = "442", https = "443" }, listen_ports = { ssl_proxy = "442", https = "443" },
hsts = true, hsts = true,
hsts_max_age = 15724800, hsts_max_age = 31536000,
hsts_include_subdomains = true, hsts_include_subdomains = true,
hsts_preload = false, hsts_preload = false,
}) })

2
test/data/cleanConf.src.conf
View file

@ -65,7 +65,7 @@ lua_shared_dict ocsp_response_cache 5M;
listen_ports = { ssl_proxy = "442", https = "443" }, listen_ports = { ssl_proxy = "442", https = "443" },
hsts = true, hsts = true,
hsts_max_age = 15724800, hsts_max_age = 31536000,
hsts_include_subdomains = true, hsts_include_subdomains = true,
hsts_preload = false, hsts_preload = false,
}) })

2
test/data/config.json
View file

@ -25,7 +25,7 @@
"gzipTypes": "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component", "gzipTypes": "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component",
"hsts": true, "hsts": true,
"hstsIncludeSubdomains": true, "hstsIncludeSubdomains": true,
"hstsMaxAge": "15724800", "hstsMaxAge": "31536000",
"keepAlive": 75, "keepAlive": 75,
"mapHashBucketSize": 64, "mapHashBucketSize": 64,
"maxWorkerConnections": 16384, "maxWorkerConnections": 16384,