How to disable HTTP Strict Transport Security?

前端未结

关注

 5  1020

感动是毒 2020-12-04 16:53

I had a Rails application with config.force_ssl = true, but now I dont want SSL encryption, but my app is still redirecting to https. I read this is a HTTP Stri

5条回答

广开言路 (楼主)

2020-12-04 17:10
Just wanted to point out @Bruno's answer and @JoeVanDyk's suggestions are true and can be applied beyond the context of Rails/Apache. I'm using PHP and Nginx. PHP has nothing to do with it in my case, but here's the steps with Nginx:
```
//sorry here's the nginx.conf part first, can't figure out how to mix multi-line 
//code with an ordered list

server {
   #...
   #change:
   # add_header  Strict-Transport-Security "max-age=315360000; includeSubdomains";     
   #to:
   add_header  Strict-Transport-Security "max-age=0;";
   #...
}
```
1. clear your "browser history". To clarify on @JoeVanDyk's suggestion , I think you need to clear "browsing history" because clearing the cache didn't work for me (tested on Chrome/Firefox, please add comments if you know more).
2. nginx.conf file (see code above)
3. restart server
  
  root@ip-xxx-xxx-xxx:~# /etc/init.d/nginx restart.
After this, you can revert the nginx add_header Strict.. command to what you previously had. Just make sure you repeat steps 1-3 again.
0 讨论(0)

查看其它5个回答
发布评论:

提交评论
- 加载中...