From 515d93380866c83af474918a3243fdc716d4f15d Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 24 Feb 2024 01:41:31 +0700 Subject: [PATCH] feat(ops/modules/www): drop hsts for .dev The .dev TLS is on the HSTS preload list, so there's no need to set this header here at all. Change-Id: I253fa2427e75bd0808945cd5d53159cac74e7f8b Reviewed-on: https://cl.tvl.fyi/c/depot/+/11018 Autosubmit: flokli Reviewed-by: tazjin Tested-by: BuildkiteCI --- ops/modules/www/tvix.dev.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/ops/modules/www/tvix.dev.nix b/ops/modules/www/tvix.dev.nix index 33c0bb002..f884bc30e 100644 --- a/ops/modules/www/tvix.dev.nix +++ b/ops/modules/www/tvix.dev.nix @@ -11,20 +11,12 @@ enableACME = true; forceSSL = true; root = depot.tvix.website; - - extraConfig = '' - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - ''; }; services.nginx.virtualHosts."bolt.tvix.dev" = { root = depot.web.tvixbolt; enableACME = true; forceSSL = true; - - extraConfig = '' - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - ''; }; # old domain, serve redirect @@ -40,8 +32,6 @@ forceSSL = true; extraConfig = '' - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - location = / { # until we have a better default page here return 301 https://docs.tvix.dev/rust/tvix_eval/index.html;