Stop setting Strict-Transport-Securty header from within the app

author: Paweł Chojnacki <pawel@chojnacki.ws> 2017-03-03 11:05:24 +0000
committer: Marin Jankovski <marin@gitlab.com> 2017-03-03 11:05:24 +0000
commit: 76e96878aad0a281f8c32ef98a276b499e2581ad (patch)
tree: acdfab35d10a5e5fe39c438dc664f3eb847ea0f5 /app
parent: a9a581567c6d56186feade11ad867a66ab872ca6 (diff)
download: gitlab-ce-76e96878aad0a281f8c32ef98a276b499e2581ad.tar.gz
1 files changed, 0 insertions, 4 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 32484f810da..cc7b7f247e8 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -122,10 +122,6 @@ class ApplicationController < ActionController::Base
     headers['X-XSS-Protection'] = '1; mode=block'
     headers['X-UA-Compatible'] = 'IE=edge'
     headers['X-Content-Type-Options'] = 'nosniff'
-    # Enabling HSTS for non-standard ports would send clients to the wrong port
-    if Gitlab.config.gitlab.https && Gitlab.config.gitlab.port == 443
-      headers['Strict-Transport-Security'] = 'max-age=31536000'
-    end
   end
 
   def validate_user_service_ticket!
author	Paweł Chojnacki <pawel@chojnacki.ws>	2017-03-03 11:05:24 +0000
committer	Marin Jankovski <marin@gitlab.com>	2017-03-03 11:05:24 +0000
commit	76e96878aad0a281f8c32ef98a276b499e2581ad (patch)
tree	acdfab35d10a5e5fe39c438dc664f3eb847ea0f5 /app
parent	a9a581567c6d56186feade11ad867a66ab872ca6 (diff)
download	gitlab-ce-76e96878aad0a281f8c32ef98a276b499e2581ad.tar.gz