
XF 1.4 About Email confirmation accounts (with https) and HSTS to improve security

#1
Hello:

I have got two questions I would like to ask.

My website works with https, however when a new user registers he receives in an email a link with http, even though it gets redirected to https when he uses it. What I need is to make that http appear as the https it actually is.

The second question is about how I can install HSTS (Strict Transport Security) in my XenForo. I use Nginx and I would like to use it.

You can read about HSTS at http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

Is it possible?

Thanks
 
#5
Ok, changed with s, I tested that it works correctly now.

Thanks, I don't know if Mike or another dev or user knows how to implement HSTS with nginx.
 

Tracy Perry

Well-known member
#8
Place
Code:
add_header Strict-Transport-Security max-age=31536000;
in your vhost definition where you have the other SSL settings configured then restart nginx.

If you are also serving subdomains from that vhost (I do each one as an individual vhost personally) you can place
Code:
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
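
A way to check the value that the two `add_header` lines above send, as an added example that is not part of the original thread: a small Python parser for the `Strict-Transport-Security` value following the grammar in RFC 6797. The function name `check_hsts` and the sample values are constructed for illustration.

```python
import re

# directive = name [ "=" ( token | quoted-string ) ]  (grammar from RFC 6797, section 6.1)
DIRECTIVE = re.compile(r'([!#$%&\'*+.^_`|~0-9A-Za-z-]+)(?:\s*=\s*(?:"([^"]*)"|([^\s;"]+)))?')

def check_hsts(value):
    """Parse a Strict-Transport-Security value; return (policy, problems)."""
    policy = {"max_age": None, "include_subdomains": False}
    problems, seen = [], set()
    # Splitting on ";" is a simplification: a ";" inside a quoted-string is not handled.
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue  # empty directives are permitted by the grammar
        m = DIRECTIVE.fullmatch(part)
        if m is None:
            problems.append(f"malformed directive: {part!r}")
            continue
        name = m.group(1).lower()  # directive names are case-insensitive
        arg = m.group(2) if m.group(2) is not None else m.group(3)
        if name in seen:
            problems.append(f"duplicate directive: {name}")
            continue
        seen.add(name)
        if name == "max-age":
            if arg is not None and re.fullmatch(r"[0-9]+", arg):
                policy["max_age"] = int(arg)
            else:
                problems.append("max-age needs a non-negative integer value")
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
            if arg is not None:
                problems.append("includeSubDomains takes no value")
        # Any other directive is ignored, as the RFC requires of clients.
    if "max-age" not in seen:
        problems.append("max-age directive is required")
    elif policy["max_age"] == 0:
        problems.append("max-age=0 tells browsers to drop the HSTS policy")
    return policy, problems

if __name__ == "__main__":
    # Constructed sample values; the first two are what the two add_header lines above send.
    for sample in ("max-age=31536000",
                   "max-age=31536000; includeSubdomains",
                   "includeSubdomains",
                   "max-age=31536000; max-age=0"):
        print(sample, "->", check_hsts(sample))
```

Feed it the header value as the browser receives it, for example copied from the response headers of an HTTPS request to the forum.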