Browse Source

Fixed #1080, can't disable HSTS with noredirect

Steve Kamerman 7 năm trước cách đây
mục cha
commit
936e57a6de
3 tập tin đã thay đổi với 19 bổ sung2 xóa
  1. 2 2
      nginx.tmpl
  2. 7 0
      test/test_ssl/test_hsts.py
  3. 10 0
      test/test_ssl/test_hsts.yml

+ 2 - 2
nginx.tmpl

@@ -19,7 +19,7 @@
 			server 127.0.0.1 down;
 		{{ end }}
 	{{ end }}
-	
+
 {{ end }}
 
 # If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
@@ -262,7 +262,7 @@ server {
 	ssl_trusted_certificate {{ printf "/etc/nginx/certs/%s.chain.pem" $cert }};
 	{{ end }}
 
-	{{ if (and (ne $https_method "noredirect") (ne $hsts "off")) }}
+	{{ if (not (or (eq $https_method "noredirect") (eq $hsts "off"))) }}
 	add_header Strict-Transport-Security "{{ trim $hsts }}" always;
 	{{ end }}
 

+ 7 - 0
test/test_ssl/test_hsts.py

@@ -24,3 +24,10 @@ def test_web3_HSTS_custom(docker_compose, nginxproxy):
     assert "answer from port 81\n" in r.text
     assert "Strict-Transport-Security" in r.headers
     assert "max-age=86400; includeSubDomains; preload" == r.headers["Strict-Transport-Security"]
+
+# Regression test for issue 1080
+# https://github.com/jwilder/nginx-proxy/issues/1080
+def test_web4_HSTS_off_noredirect(docker_compose, nginxproxy):
+    r = nginxproxy.get("https://web4.nginx-proxy.tld/port", allow_redirects=False)
+    assert "answer from port 81\n" in r.text
+    assert "Strict-Transport-Security" not in r.headers

+ 10 - 0
test/test_ssl/test_hsts.yml

@@ -24,6 +24,16 @@ web3:
     VIRTUAL_HOST: "web3.nginx-proxy.tld"
     HSTS: "max-age=86400; includeSubDomains; preload"
 
+web4:
+  image: web
+  expose:
+    - "81"
+  environment:
+    WEB_PORTS: "81"
+    VIRTUAL_HOST: "web4.nginx-proxy.tld"
+    HSTS: "off"
+    HTTPS_METHOD: "noredirect"
+
 sut:
   image: jwilder/nginx-proxy:test
   volumes: