I have implemented a simple static server like this in /etc/nginx/sites-available/default that will serve a bunch of files:

    server {
        listen 80;
        server_name www.x.app x.app;
        root /usr/share/app/front-end/build;

        location / {
            index index.html;
            autoindex on;
            autoindex_exact_size off;
        }
    }

But when I browse to http://www.x.app I immediately get redirected to https://www.x.app, but I want to browse over HTTP. I searched a lot and found out about the Non-Authoritative-Reason: HSTS header that Chrome gets (which redirects me using 307 Internal Redirect). This occurs for security reasons because of "HSTS". The answers said to use add_header Strict-Transport-Security "max-age=0"; in the NginX configuration, but it didn't work.

P.S.1: I cleared my Chrome cache and it also doesn't work.

P.S.2: Querying the HSTS/PKP domain in Chrome:

    Found:
    static_sts_domain: app
    static_upgrade_mode: FORCE_HTTPS
    static_sts_include_subdomains: true
    static_sts_observed: 1613773712
    static_pkp_domain:
    static_pkp_include_subdomains:
    static_pkp_observed:
    static_spki_hashes:
    dynamic_sts_domain:
    dynamic_upgrade_mode: UNKNOWN
    dynamic_sts_include_subdomains:
    dynamic_sts_observed:
    dynamic_sts_expiry:
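
The query output above can be read mechanically to tell a preloaded (static) HSTS entry from one learned from a response header (dynamic). The following is an added example, not part of the original post; the function names are hypothetical and it assumes the "key: value" layout shown in the output above.

```python
# Added example: classify a Chrome HSTS query result as static or dynamic.
SAMPLE = """\
static_sts_domain: app
static_upgrade_mode: FORCE_HTTPS
static_sts_include_subdomains: true
static_sts_observed: 1613773712
dynamic_sts_domain:
dynamic_upgrade_mode: UNKNOWN
dynamic_sts_include_subdomains:
"""  # fields copied from the query output in the post


def parse_hsts_query(text):
    """Turn 'key: value' lines into a dict; empty values become ''."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def covers(entry_domain, include_subdomains, host):
    """True if an HSTS entry for entry_domain applies to host."""
    entry_domain = entry_domain.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not entry_domain:
        return False
    if host == entry_domain:
        return True
    return include_subdomains and host.endswith("." + entry_domain)


def diagnose(text, host):
    """Report which kind of HSTS entry forces HTTPS for host."""
    f = parse_hsts_query(text)
    result = {}
    for kind in ("static", "dynamic"):
        forced = f.get(f"{kind}_upgrade_mode") == "FORCE_HTTPS"
        sub = f.get(f"{kind}_sts_include_subdomains") == "true"
        domain = f.get(f"{kind}_sts_domain", "")
        result[kind] = forced and covers(domain, sub, host)
    # A dynamic entry comes from a Strict-Transport-Security response header
    # and can be expired with max-age=0 (sent over HTTPS). A static entry is
    # built into the browser's preload list; no response header removes it.
    result["clearable_by_max_age_0"] = result["dynamic"] and not result["static"]
    return result
```

Calling `diagnose(SAMPLE, "www.x.app")` reports a static entry for the parent domain `app` with subdomains included, which a `max-age=0` header from the server cannot clear.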