chore: rm http header: Expect-CT

2025-12-19 17:32:24 +08:00 · 2023-12-07 09:55:30 +08:00
parent dfae78891d
commit 95900eec1a
1 changed files with 0 additions and 6 deletions
--- a/eiblog.conf
+++ b/eiblog.conf
@@ -78,9 +78,6 @@ server {
    proxy_set_header             X-Forwarded-For   $proxy_add_x_forwarded_for;
    location ^~ /admin/ {
        add_header               Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
-        # https://imququ.com/post/web-security-and-response-header.html#toc-1
-        # 期望CT: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
-        add_header               Expect-CT "max-age=180";
        add_header               Cache-Control no-cache;
        add_header               X-Frame-Options SAMEORIGIN;
        add_header               X-Content-Type-Options nosniff;
@@ -93,9 +90,6 @@ server {

    location / {
        add_header               Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
-        # https://imququ.com/post/web-security-and-response-header.html#toc-1
-        # 期望CT: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
-        add_header               Expect-CT "max-age=180";
        add_header               Cache-Control no-cache;
        # 内容安全策略: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
        add_header               Content-Security-Policy "default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; img-src data: https:; media-src https:; style-src 'unsafe-inline' https:; child-src https:; connect-src 'self'; frame-src https://disqus.com";