Comply with HSTS RFC
From the [RFC documentation](https://tools.ietf.org/html/rfc6797#section-7.2)
it seems like we "SHOULD" make the http->https redirect permanent (301)
instead of a temporary redirect (302), and that we "MUST NOT" include an
STS header in our redirect response over HTTP which is insecure.
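An added check, not part of this commit or the repository it changes, that tests a captured plain-HTTP response for the two RFC 6797 section 7.2 points the message cites (permanent redirect, no STS header over HTTP); the sample responses are constructed, and it treats 308 as well as 301 as a permanent redirect.

```python
"""Check a plain-HTTP response against RFC 6797 section 7.2: the http->https
redirect should be permanent, and it must not carry a Strict-Transport-Security header."""

# Constructed sample responses (not captured from any real deployment): the
# shape of the redirect before and after the commit's Traefik change.
BEFORE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://hub.example.org/\r\n"
    b"Strict-Transport-Security: max-age=15724800; includeSubDomains\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)
AFTER_RESPONSE = (
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Location: https://hub.example.org/\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

PERMANENT_REDIRECTS = {301, 308}          # RFC 7231 and RFC 7538
ANY_REDIRECT = {301, 302, 303, 307, 308}


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status code, lower-cased header dict)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    _version, status, *_reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status), headers


def check_http_redirect(raw: bytes) -> list:
    """Return RFC 6797 section 7.2 findings for a plain-HTTP response (empty = compliant)."""
    status, headers = parse_response(raw)
    findings = []
    location = headers.get("location", "")
    if status not in ANY_REDIRECT:
        findings.append(f"status {status}: plain-HTTP request was not redirected")
    elif not location.lower().startswith("https://"):
        findings.append(f"Location {location!r} does not point at an https URL")
    elif status not in PERMANENT_REDIRECTS:
        findings.append(f"status {status}: redirect SHOULD be permanent (301 or 308)")
    # The MUST NOT applies however the redirect itself is done.
    if "strict-transport-security" in headers:
        findings.append("Strict-Transport-Security MUST NOT be sent over plain HTTP")
    return findings
```

Running `check_http_redirect` on a response captured from the hub's port 80 after deployment should return an empty list.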
consideRatio committed Apr 24, 2020
1 parent 2c66fff commit 032daba
Showing 1 changed file with 1 addition and 1 deletion.
@@ -22,6 +22,7 @@ http:
# A middleware to redirect to https
redirect:
redirectScheme:
permanent: true
scheme: https
# A middleware to add a X-Scheme (X-Forwarded-Proto) header that
# JupyterHub's Tornado web-server needs if expecting to serve https
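Review bot: the comment above `redirect:` still says only that the middleware redirects to https, while the reason for `permanent: true` lives only in the commit message; record it inline, e.g. `# Permanent (301) redirect, as RFC 6797 section 7.2 recommends for http->https`, so a later edit does not quietly revert to a temporary redirect. Browsers cache permanent redirects, so confirm the `scheme: https` target is correct on a staging deployment before this ships; a wrong permanent redirect cannot be undone for clients that have already cached it.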
@@ -69,7 +70,6 @@ http:
entrypoints:
- "http"
middlewares:
- "hsts"
- "redirect"
rule: PathPrefix(`/`)
service: default
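Review bot: dropping `- "hsts"` from the router on the `http` entrypoint is right per RFC 6797 section 7.2, but the diff does not show the router for the https entrypoint; confirm that `hsts` is still listed under `middlewares:` there, otherwise the Strict-Transport-Security header is no longer sent on any response and HSTS is silently disabled rather than moved. A post-deploy check: a request over https should carry the header, and the plain-http 301 response should not.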