[FIX] deploy: enable HSTS also for websocket

Fine tunning of 6a2725e604 closes odoo/documentation#8013 X-original-commit: c00571d724 Signed-off-by: Martin Trigaux (mat) <mat@odoo.com> Signed-off-by: Julien Castiaux (juc) <juc@odoo.com>
2024-03-05 11:10:07 +01:00 · 2024-03-05 11:10:07 +01:00 · a732d1b964
commit a732d1b964
parent b266a2f8d6
1 changed files with 4 additions and 3 deletions
--- a/content/administration/install/deploy.rst
+++ b/content/administration/install/deploy.rst
@ -334,6 +334,9 @@ in ``/etc/nginx/sites-enabled/odoo.conf`` set:
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Real-IP $remote_addr;
+
+      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+      proxy_cookie_flags session_id samesite=lax secure;  # requires nginx 1.19.8
    }

    # Redirect requests to odoo backend server
@ -346,10 +349,8 @@ in ``/etc/nginx/sites-enabled/odoo.conf`` set:
      proxy_redirect off;
      proxy_pass http://odoo;

-      # Enable HSTS
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
-      # requires nginx 1.19.8
-      proxy_cookie_flags session_id samesite=lax secure;
+      proxy_cookie_flags session_id samesite=lax secure;  # requires nginx 1.19.8
    }

    # common gzip