Hello, I would like to send the header: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
Despite the 401 Unauthorized request. Is that possible? Currently the header is only added after a successful authorization: (x1) [~] curl -v https://tuvl.de * Rebuilt URL to: https://tuvl.de/ * Hostname was NOT found in DNS cache * Trying 2a01:4f8:b0:2fff::2... * Connected to tuvl.de (2a01:4f8:b0:2fff::2) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * Server certificate: * subject: CN=tuvl.de * start date: 2016-06-19 08:39:00 GMT * expire date: 2016-09-17 08:39:00 GMT * subjectAltName: tuvl.de matched * issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3 * SSL certificate verify ok. > GET / HTTP/1.1 > User-Agent: curl/7.38.0 > Host: tuvl.de > Accept: */* > < HTTP/1.1 401 Unauthorized * Server nginx is not blacklisted < Server: nginx < Date: Sun, 19 Jun 2016 09:47:40 GMT < Content-Type: text/html < Content-Length: 188 < Connection: keep-alive < WWW-Authenticate: Basic realm="Virtual Lab" < <html> <head><title>401 Authorization Required</title></head> <body bgcolor="white"> <center><h1>401 Authorization Required</h1></center> <hr><center>nginx</center> </body> </html> * Connection #0 to host tuvl.de left intact Cheers, Thomas _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
