Hello,
I would like to send the header:
add_header Strict-Transport-Security “max-age=31536000;
includeSubDomains”;
Despite the 401 Unauthorized request. Is that possible?
Currently the header is only added after a successful authorization:
(x1) [~] curl -v https://tuvl.de
- Rebuilt URL to: https://tuvl.de/
- Hostname was NOT found in DNS cache
- Trying 2a01:4f8:b0:2fff::2…
- Connected to tuvl.de (2a01:4f8:b0:2fff::2) port 443 (#0)
- successfully set certificate verify locations:
- CAfile: none
CApath: /etc/ssl/certs - SSLv3, TLS handshake, Client hello (1):
- SSLv3, TLS handshake, Server hello (2):
- SSLv3, TLS handshake, CERT (11):
- SSLv3, TLS handshake, Server key exchange (12):
- SSLv3, TLS handshake, Server finished (14):
- SSLv3, TLS handshake, Client key exchange (16):
- SSLv3, TLS change cipher, Client hello (1):
- SSLv3, TLS handshake, Finished (20):
- SSLv3, TLS change cipher, Client hello (1):
- SSLv3, TLS handshake, Finished (20):
- SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
- Server certificate:
-
subject: CN=tuvl.de -
start date: 2016-06-19 08:39:00 GMT -
expire date: 2016-09-17 08:39:00 GMT -
subjectAltName: tuvl.de matched -
issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3 -
SSL certificate verify ok.
GET / HTTP/1.1
User-Agent: curl/7.38.0
Host: tuvl.de
Accept: /
< HTTP/1.1 401 Unauthorized
- Server nginx is not blacklisted
< Server: nginx
< Date: Sun, 19 Jun 2016 09:47:40 GMT
< Content-Type: text/html
< Content-Length: 188
< Connection: keep-alive
< WWW-Authenticate: Basic realm=“Virtual Lab”
<
401 Authorization Required
nginx * Connection #0 to host tuvl.de left intact
Cheers,
Thomas