posted 11 months ago
Security
Last updated 5 months ago.
0
moderator Solution

Hey!

You can update your nginx configuration as described in this Laracasts episode: https://laracasts.com/series/learn-laravel-forge/episodes/22

With the config open, add this line to the server block for your canonical domain:

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

so it will look something like this:

server {
    listen 443 ssl;
    ...
    server_name <your-canonical-domain>;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    ...
}

You can change the max-age value to your preferred value.

0
Solution selected by @driesvints

Hey! Thanks!

But that also forces the WWW to be secure, yes? We do not want that. Does that make sense?

0

Ah, yeah. You can remove the includeSubDomains and only leave the max-age like this:

add_header Strict-Transport-Security "max-age=31536000" always;

The Mozilla docs show this as a valid option.

Last updated 11 months ago.
0

Great. Thanks a bunch!

0
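Added example, not code from this thread or from any project mentioned in it: a small Python model of how a browser decides which hosts an HSTS policy covers (RFC 6797 host matching), run against the two header values posted above. The host names `example.com` and `www.example.com` and the function names are placeholders chosen for this illustration.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns (max_age, include_subdomains), or None if the header must be ignored.
    Simplification: splits on ';' without handling ';' inside a quoted-string.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue                          # empty directives are allowed
        name, _, arg = part.partition("=")
        name = name.strip().lower()           # directive names are case-insensitive
        if name in seen:
            return None                       # a repeated directive invalidates the header
        seen[name] = arg.strip().strip('"')   # max-age may be sent as a quoted-string
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                           # max-age is required and must be digits
    return int(seen["max-age"]), "includesubdomains" in seen

def forces_https(policy_host, header_value, request_host):
    """Would a browser that stored this policy from policy_host upgrade request_host?"""
    policy = parse_hsts(header_value)
    if policy is None or policy[0] == 0:
        return False                          # invalid header, or max-age=0 drops the policy
    policy_host = policy_host.lower().rstrip(".")
    request_host = request_host.lower().rstrip(".")
    if request_host == policy_host:
        return True                           # exact host match: always covered
    # A subdomain is covered only when includeSubDomains was sent.
    return policy[1] and request_host.endswith("." + policy_host)

if __name__ == "__main__":
    # The two header values from the thread; host names are constructed placeholders.
    for header in ("max-age=31536000; includeSubDomains", "max-age=31536000"):
        for host in ("example.com", "www.example.com"):
            print(f"{header!r:42} {host:18} forced to HTTPS: "
                  f"{forces_https('example.com', header, host)}")
```

The policy is tied to the host that served the header, so `www` stays unaffected by the second form only as long as the `www` server block does not send the header itself.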
