Update HSTS preloading recommendation in hardening section of the admin manual #4779
Ummm ... @LukasReschke didn't we talk about this yesterday? @lgarron sorry for the unresponsiveness
@MariusBluem Do you want to update the documentation for this?
Fix is in nextcloud/documentation#462
An article on your site contains a recommended HSTS header value that includes preload in the only example: https://docs.nextcloud.com/server/9/admin_manual/configuration_server/harden_server.html
This is going to shoot developers in the foot, and also doesn't guarantee preloading unless someone submits the site to hstspreload.org separately. See https://hstspreload.org/#opt-in (and chromium/hstspreload.org#68)
Could you update your guide to remove it, or list two examples, the second of which explains preloading and links to hstspreload.org?
(I tried pinging at https://twitter.com/Nextclouders/status/805161033975398400 and emailing the contact address on your site, but that hasn't resulted in a response over the last 6 months.)
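The distinction raised in this issue, as an added example that is not part of the original thread or the Nextcloud documentation: a small Python check that flags a Strict-Transport-Security value carrying the preload opt-in and tests it against the hstspreload.org submission requirements (max-age of at least one year, includeSubDomains, preload). The function names and the sample header values are constructed for illustration.

```python
# Added example: audit a Strict-Transport-Security value for the preload opt-in.
# Directive syntax follows RFC 6797; sample header values below are constructed.

PRELOAD_MIN_MAX_AGE = 31536000  # one year, the minimum hstspreload.org asks for


def parse_hsts(value):
    """Parse a header value into {lowercased directive name: value or None}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            raise ValueError("duplicate directive: " + name)
        directives[name] = val.strip().strip('"') if sep else None
    return directives


def audit_hsts(value):
    """Report whether the value opts in to preloading and whether it would qualify."""
    d = parse_hsts(value)
    raw = d.get("max-age")
    if raw is None or not (raw.isascii() and raw.isdigit()):
        raise ValueError("max-age is required and must be a non-negative integer")
    max_age = int(raw)
    opts_in = "preload" in d
    problems = []
    if opts_in:
        if "includesubdomains" not in d:
            problems.append("preload without includeSubDomains")
        if max_age < PRELOAD_MIN_MAX_AGE:
            problems.append("preload with max-age below one year")
    return {"max_age": max_age, "opts_in_to_preload": opts_in,
            "eligible_for_preload_list": opts_in and not problems,
            "problems": problems}


if __name__ == "__main__":
    for sample in ("max-age=15552000; includeSubDomains",
                   "max-age=15552000; includeSubDomains; preload",
                   "max-age=31536000; includeSubDomains; preload"):
        print(sample, "->", audit_hsts(sample))
```

A value reported as eligible is still not preloaded until the domain is submitted at hstspreload.org, so `opts_in_to_preload` is the field to review when the header was copied from a template.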