Support the ongoing development of Laravel.io →
(sponsored) Haven't tried PhpStorm yet? Get a special discount on PhpStorm + Laravel plugin bundle ->
smockensturm
posted 1 year ago
Security
Last updated 1 year ago.
0
tomhatzer
replied 1 year ago
moderator Solution

Hey!

You can update your nginx configuration like described in this Laracasts episode: https://laracasts.com/series/learn-laravel-forge/episodes/22

With the config open, add this line to the server block for your canonical domain:

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

so it will look something like this:

server {
    listen 443 ssl;
    ...
    server_name <your-canonical-domain>;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    ...
}

You can change the max-age value to your preferred value.

0
Solution selected by @driesvints
smockensturm
replied 1 year ago

Hey! Thanks!

But that also forces the WWW to be secure, yes? We do not want that. Does that make sense?

0
tomhatzer
replied 1 year ago
moderator

Ah, yeah. You can remove the includeSubDomains and only leave the max-age like this:

add_header Strict-Transport-Security "max-age=31536000" always;

The mozilla docs show this as valid option.

Last updated 1 year ago.
0
smockensturm
replied 1 year ago

Great. Thanks a bunch!

0

Sign in to participate in this thread!

JetBrains

Your banner here too?

Steve Mock smockensturm Joined 3 Nov 2021

Moderators

We'd like to thank these amazing companies for supporting us

PhpStorm by Jetbrains
Fathom
Forge
Envoyer
Beyond Code
Skynet Technologies
Lightflows
Localazy
Steadfast Collective

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

Twitter GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2023 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise