Yes. It is working now.
Thanks!
V
vf144
@vf144
Posts
-
v1.13.1 forcing HSTS (Strict-Transport-Security: max-age=15552000; includeSubDomains) -
v1.13.1 forcing HSTS (Strict-Transport-Security: max-age=15552000; includeSubDomains)yes. I did restart.
I would guess that happens because of
webserver.js:22:var helmet = require('helmet');which has
var DEFAULT_MIDDLEWARE = [ 'dnsPrefetchControl', 'frameguard', 'hidePoweredBy', 'hsts', // <<<<<<<<<<<<<<<<<< 'ieNoOpen', 'noSniff', 'xssFilter' ] -
v1.13.1 forcing HSTS (Strict-Transport-Security: max-age=15552000; includeSubDomains)Cannot avoid HSTS header even if "Strict Transport Security" disabled
$ curl -I http://localhost:4567/bb HTTP/1.1 200 OK X-DNS-Prefetch-Control: off X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=15552000; includeSubDomains X-Download-Options: noopen X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Referrer-Policy: strict-origin-when-cross-origin X-Powered-By: NodeBB set-cookie: _csrf=pKgoXIjK_9iHKUbVENcTWsLD; Path=/; HttpOnly; Secure; SameSite=Strict Content-Type: text/html; charset=utf-8 Content-Length: 33997 ETag: W/"84cd-69RT9fU0GKhJKDANsNxdPOrjvls" Vary: Accept-Encoding Date: Wed, 15 Jan 2020 18:57:13 GMT Connection: keep-alive