From: Grant Slater <git@firefishy.com>
Date: Mon, 16 Apr 2018 22:21:53 +0000 (+0100)
Subject: Remove Strict-Transport-Security proxy passed header
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/1af304f7852542300224c6634686933f3c93652d

Remove Strict-Transport-Security proxy passed header
---

diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
index cd8775dab..ac62a3775 100644
--- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
@@ -73,6 +73,8 @@ server {
       # Set a QoS cookie if none presented (uses nginx Map)
       add_header Set-Cookie $cookie_qos_token_set;
 <% if node[:ssl][:strict_transport_security] -%>
+      # Ensure Strict-Transport-Security header is removed from proxied server responses
+      proxy_hide_header Strict-Transport-Security;
 
       # Enable HSTS
       add_header Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" always;