From: Tom Hughes
Date: Wed, 10 Dec 2014 15:01:03 +0000 (+0000)
Subject: Revert "Enable HSTS for all apache served SSL sites"
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/1a26a5d55810114a2e20bf252f6c2737f8615a47

Revert "Enable HSTS for all apache served SSL sites"

This reverts commit 3ce3f0c3311b306f9808355397ee43424f14aa31.
---
diff --git a/cookbooks/apache/recipes/ssl.rb b/cookbooks/apache/recipes/ssl.rb
index 8efbe03d2..700e10e4a 100644
--- a/cookbooks/apache/recipes/ssl.rb
+++ b/cookbooks/apache/recipes/ssl.rb
@@ -29,7 +29,6 @@ apache_module "socache_shmcb" do
 end
 apache_module "ssl"
-apache_module "headers"
 apache_conf "ssl" do
 template "ssl.erb"
diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb
index 62486999d..1124f66d8 100644
--- a/cookbooks/apache/templates/default/ssl.erb
+++ b/cookbooks/apache/templates/default/ssl.erb
@@ -8,14 +8,10 @@ SSLCipherSuite aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5
 SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem
 SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key
 SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
-
 <% if node[:lsb][:release].to_f >= 14.04 -%>
+
 SSLUseStapling On
 SSLStaplingResponderTimeout 5
 SSLStaplingReturnResponderErrors off
 SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
-
-Header setifempty Strict-Transport-Security max-age=86400 env=HTTPS
-<% else -%>
-Header set Strict-Transport-Security max-age=86400 env=HTTPS
 <% end -%>
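Review bot: Nothing in `ssl.erb` or the commit message records why the two `Strict-Transport-Security` lines are removed, so the next maintainer cannot tell whether HSTS was dropped on purpose or is meant to return per site. I would leave a comment in the template where the headers were, for example `# HSTS is not sent from this shared template (<REASON>); set it per vhost where wanted`, with the reason filled in. Browsers that already received `max-age=86400` keep enforcing HTTPS for up to a day after this deploys, so if the revert was prompted by a host that must answer over plain HTTP (not visible here), the change will not take effect for those clients immediately. The `recipes/ssl.rb` hunk also stops enabling `headers`, so it is worth confirming that no other site configuration with `Header` directives relied on this recipe to load that module.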