该网站指定了无效的严格，交通运输-Security头 - 萤火 [英] The site specified an invalid Strict-Transport-Security header - firebug

问题描述

我加入HSTS头时得到这个警告的萤火。

I am getting this warning in firebug when adding HSTS header.

The site specified an invalid Strict-Transport-Security header.

这是我的htaccess

here is my htaccess

<IfModule mod_headers.c>
    Header append X-FRAME-OPTIONS: SAMEORIGIN
    Header append Strict-Transport-Security: 'max-age=31536000; includeSubDomains'
</IfModule>

当我删除我得到内部服务器错误的值引号。 网站通过HTTPS提供服务，从HTTP重定向到https从Apache的网站文件中设置。 SSL证书是自签名的，如果它很重要。

When I remove quotes from the value I get Internal Server Error. Website is being served through https, redirect from http to https is set from apache's site file. SSL certificate is self-signed, if it matters.

模头已启用。林在Debian 7，Apache 2.2的。

mod headers is enabled. Im on debian 7, apache 2.2.

感谢

推荐答案

由于在评论中提到，同样在我的情况，我建立了网站与信任的SSL证书问题就消失了主域名@jhutar。因此，萤火虫是表示只对错误的自签名（和/或不信任）的SSL证书。

As @jhutar mentioned in comments, similarly in my case as I set up the site on the main domain with trusted SSL certificate the problem disappeared. So, the firebug is showing that error only for self-signed(and/or not-trusted) SSL certificates.

这篇关于该网站指定了无效的严格，交通运输-Security头 - 萤火的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！