by lifeeth_ 4503 days ago
You should probably add -> "add_header Strict-Transport-Security max-age=31536000;" to your nginx config.
1 comments

Bad idea. Then anyone who accesses it over HTTPS won't be able to use HTTP anymore and HTTPS requires a paid plan of some sort.

Ideally they should be on separate domains, at which point HSTS would be more suited.

Paid plan for API access I guess - hoping one won't use the same environment for both. I meant this for the Stripe frame which kicks in; can't really trust an HTTPS frame that has a start from HTTP.
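
The behaviour debated in this thread, as an added example that is not part of any comment above: a simplified model of how a browser stores and applies the `Strict-Transport-Security` header (RFC 6797), showing that the policy is per host, is only accepted over HTTPS, and lapses after `max-age`. The class, function and host names (`HstsStore`, `demo`, `app.example.test`, `api.example.test`) are constructed for illustration.

```javascript
// Simplified model of a browser's HSTS store (RFC 6797); host names are constructed.
class HstsStore {
  constructor() { this.entries = new Map(); } // host -> { expires, includeSubDomains }

  // Parse a header value such as "max-age=31536000; includeSubDomains".
  static parse(value) {
    let maxAge = null, includeSubDomains = false;
    for (const part of value.split(";")) {
      const [name, raw = ""] = part.trim().split("=");
      if (name.toLowerCase() === "max-age") {
        const v = raw.trim().replace(/^"|"$/g, "");
        if (!/^\d+$/.test(v)) return null; // invalid max-age: ignore the header
        maxAge = Number(v);
      } else if (name.toLowerCase() === "includesubdomains") includeSubDomains = true;
    }
    return maxAge === null ? null : { maxAge, includeSubDomains };
  }

  // Record a response; the header is ignored unless it arrived over HTTPS.
  noteResponse(url, value, nowSec) {
    const u = new URL(url), policy = value ? HstsStore.parse(value) : null;
    if (u.protocol !== "https:" || !policy) return;
    if (policy.maxAge === 0) this.entries.delete(u.hostname); // max-age=0 clears the entry
    else this.entries.set(u.hostname, { expires: nowSec + policy.maxAge, includeSubDomains: policy.includeSubDomains });
  }

  // Return the URL the browser would actually request for a navigation.
  rewrite(url, nowSec) {
    const u = new URL(url), labels = u.hostname.split(".");
    if (u.protocol !== "http:") return u.href;
    for (let i = 0; i < labels.length; i++) {
      const e = this.entries.get(labels.slice(i).join("."));
      if (e && e.expires > nowSec && (i === 0 || e.includeSubDomains)) u.protocol = "https:";
    }
    return u.href;
  }
}

function demo() {
  const store = new HstsStore(), hsts = "max-age=31536000", t0 = 1000;
  store.noteResponse("http://app.example.test/", hsts, t0); // ignored: plain HTTP
  const beforeHttps = store.rewrite("http://app.example.test/pay", t0);
  store.noteResponse("https://app.example.test/", hsts, t0); // honoured
  return { beforeHttps,
    afterHttps: store.rewrite("http://app.example.test/pay", t0 + 60),
    otherHost: store.rewrite("http://api.example.test/v1", t0 + 60),
    afterExpiry: store.rewrite("http://app.example.test/pay", t0 + 31536000) };
}
console.log(demo());
```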