From 7457ac3b937c5b6980e690d61751a9c08c625216 Mon Sep 17 00:00:00 2001
From: Alan Orth <alan.orth@gmail.com>
Date: Sat, 24 Jan 2015 12:40:48 +0300
Subject: [PATCH] roles/nginx: Always set HSTS header

nginx 1.7.5 allows us to always set HTTP headers:

See: http://mailman.nginx.org/pipermail/nginx-announce/2014/000145.html

Signed-off-by: Alan Orth <alan.orth@gmail.com>
---
 roles/nginx/templates/https.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/nginx/templates/https.j2 b/roles/nginx/templates/https.j2
index 525f6c4..9afa144 100644
--- a/roles/nginx/templates/https.j2
+++ b/roles/nginx/templates/https.j2
@@ -32,5 +32,5 @@
     spdy_headers_comp 6;
 
     # Enable this if you want HSTS (recommended, but be careful)
-    add_header Strict-Transport-Security max-age=15768000;
+    add_header Strict-Transport-Security max-age=15768000 always;