From d28adfa17362cbb58b165317b2693c1433358b92 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs?= <heckyel@hyperbola.info>
Date: Mon, 25 Oct 2021 12:19:32 -0500
Subject: nginx: remove Strict-Transport-Security Strict-Transport-Security is
 only HTTPS

---
 gitolite-cgit/entrypoint.sh | 2 --
 1 file changed, 2 deletions(-)

diff --git a/gitolite-cgit/entrypoint.sh b/gitolite-cgit/entrypoint.sh
index 66d37cc..e82154c 100755
--- a/gitolite-cgit/entrypoint.sh
+++ b/gitolite-cgit/entrypoint.sh
@@ -329,8 +329,6 @@ EOF
     error_log off;
 
     # Aditional Security Headers
-    # ref: https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
 
     # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
     add_header X-Frame-Options DENY always;
-- 
cgit v1.2.3