enforce hsts on every server

EdiWang · Oct 10, 2023 · 35cfa53 · 35cfa53
1 parent f699140
commit 35cfa53
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 10 deletions.
diff --git a/src/Moonglade.Web/Program.cs b/src/Moonglade.Web/Program.cs
@@ -299,6 +299,7 @@ void ConfigureMiddleware()
     else
     {
         app.UseStatusCodePages(ConfigureStatusCodePages.Handler).UseExceptionHandler("/error");
+        app.UseHsts();
     }
 
     app.UseHttpsRedirection();

diff --git a/src/Moonglade.Web/web.Release.config b/src/Moonglade.Web/web.Release.config
@@ -32,16 +32,6 @@
 						<action type="Redirect" url="{R:1}"/>
 					</rule>
 				</rules>
-				<outboundRules>
-					<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
-						<match serverVariable="RESPONSE_Strict_Transport_Security"
-						       pattern=".*" />
-						<conditions>
-							<add input="{HTTPS}" pattern="on" ignoreCase="true" />
-						</conditions>
-						<action type="Rewrite" value="max-age=31536000;includeSubDomains;preload" />
-					</rule>
-				</outboundRules>
 			</rewrite>
 		</system.webServer>
 	</location>