From caec2440bbdfb33b1542eff9abbb8f93bc7035e8 Mon Sep 17 00:00:00 2001
From: Alan Orth <alan.orth@gmail.com>
Date: Wed, 20 May 2015 15:54:10 +0300
Subject: [PATCH] roles/nginx: Fix HSTS header in vhost config

We always want to add the header, not add a header with value
"always"!

Signed-off-by: Alan Orth <alan.orth@gmail.com>
---
 roles/nginx/templates/vhost.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/nginx/templates/vhost.conf.j2 b/roles/nginx/templates/vhost.conf.j2
index 16054b8..45562cd 100644
--- a/roles/nginx/templates/vhost.conf.j2
+++ b/roles/nginx/templates/vhost.conf.j2
@@ -71,7 +71,7 @@ server {
         # Enable this if you want HSTS (recommended, but be careful)
         # Include all subdomains and indicate to Google that we want this pre-loaded in Chrome's HSTS store
         # See: https://hstspreload.appspot.com/
-        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload; always";
+        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
         {% endif %}
 
         include extra-security.conf;