If NGinx sets HSTS headers as well, then you can turn the setting off in Mahara:
Log in and go to Admin -> Configure site -> Site options -> Security settings and set "HSTS override" to "Yes" To verify things are working you should see in the headers strict-transport-security: max-age=15768000 and not strict-transport-security: max-age=63072000 strict-transport-security: max-age=15768000 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1875750 Title: Allow override of the HSTS setting if being set downstream Status in Mahara: Fix Committed Bug description: To avoid the Strict-Transport-Security header being set twice To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1875750/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
