问题
I am getting this warning in firebug when adding HSTS header.
The site specified an invalid Strict-Transport-Security header.
here is my htaccess
<IfModule mod_headers.c>
Header append X-FRAME-OPTIONS: SAMEORIGIN
Header append Strict-Transport-Security: 'max-age=31536000; includeSubDomains'
</IfModule>
When I remove quotes from the value I get Internal Server Error.
Website is being served through https, redirect from http to https is set from apache's site file. SSL certificate is self-signed, if it matters.
mod headers is enabled. Im on debian 7, apache 2.2.
Thanks
回答1:
As @jhutar mentioned in comments, similarly in my case as I set up the site on the main domain with trusted SSL certificate the problem disappeared. So, the firebug is showing that error only for self-signed(and/or not-trusted) SSL certificates.
来源:https://stackoverflow.com/questions/28367305/the-site-specified-an-invalid-strict-transport-security-header-firebug