From c5ecf1df631457a6c2a0a5712026cddeda30f1e8 Mon Sep 17 00:00:00 2001
From: Fritz Grimpen <fritz@grimpen.net>
Date: Wed, 10 Mar 2021 11:30:18 +0000
Subject: [PATCH] Enable HSTS for mediawiki

---
 roles/mediawiki/defaults/main.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/mediawiki/defaults/main.yml b/roles/mediawiki/defaults/main.yml
index 47b4883..a3f7c81 100644
--- a/roles/mediawiki/defaults/main.yml
+++ b/roles/mediawiki/defaults/main.yml
@@ -40,6 +40,8 @@ mediawiki_nginx_conf: |
   ssl_certificate_key /etc/letsencrypt/live/{{ mediawiki_domain }}/privkey.pem;
   ssl_trusted_certificate /etc/letsencrypt/live/{{ mediawiki_domain }}/chain.pem;
 
+  add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+
   client_max_body_size 100M;
 
   include snippets/certbot.conf;