I have just deployed metabase on my kubernetes cluster and I realised there is already HSTS enabled on metabase. I am wondering is there anyway that I can disable it?
Hi @weihan1394
Any reason why you would want people to downgrade from https to http?
You can remove the header with a reverse-proxy - otherwise you would need to build your own version of Metabase.
thank you for your help.
i am deploying it with another app and the app already have hsts enabled. I am not trying to downgrade from https to http but remove the hsts header
server-snippets: 'add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;'
@weihan1394 Then don’t return the header from Metabase, if you’re already setting it:
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header