From c8d548491949b971c07ee04a11059388e101c184 Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Sun, 8 May 2022 17:18:27 +0300
Subject: [PATCH] archweb: fix HSTS header missing from archlinux.org

---
 roles/archweb/templates/nginx.d.conf.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/archweb/templates/nginx.d.conf.j2 b/roles/archweb/templates/nginx.d.conf.j2
index 57c861685..c7b9f8325 100644
--- a/roles/archweb/templates/nginx.d.conf.j2
+++ b/roles/archweb/templates/nginx.d.conf.j2
@@ -198,6 +198,9 @@ server {
         uwsgi_cache_key $cache_key;
         add_header X-Cache-Status $upstream_cache_status;
 
+        # re-add HSTS (inheritance from sslsettings.conf broken by above header)
+        add_header Strict-Transport-Security $hsts_header always;
+
         limit_req zone=archweblimit burst=10 nodelay;
     }
 }
-- 
GitLab