XF 1.4 About Email confirmation accounts (with https) and HSTS for improve security

Andros

Member
Hello:

I have got two questions I would like to ask.

My website works with https, however when a new user registers he recieves in an email a link with http, even though it gets redirected to https when he uses it. What I need is to make that http appear as the https it actually is.

The second question is about how can I install HSTS (Strict Transport Security) in my xenforo. I use Nginx and I would like to use it.

You can see about HSTS at this http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

It is possible?

Thanks
 
Place
Code:
add_header Strict-Transport-Security max-age=31536000;
in your vhost definition where you have the other SSL settings configured then restart nginx.

If you are also serving subdomains from that vhost (I do each one as an individual vhost personally) you can place
Code:
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
 
Top Bottom