From d03f5ef1e260a1ae1f2bd9b37d4df3a00790d066 Mon Sep 17 00:00:00 2001
From: Rafael dos Santos Silva <xfalcox@gmail.com>
Date: Thu, 13 Jul 2017 23:37:48 -0300
Subject: [PATCH] FIX: HSTS header was overwrote by Referrer-Policy add_header

---
 templates/web.ssl.template.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/templates/web.ssl.template.yml b/templates/web.ssl.template.yml
index 76b600e..681abdc 100644
--- a/templates/web.ssl.template.yml
+++ b/templates/web.ssl.template.yml
@@ -37,3 +37,9 @@ run:
        if ($http_host != $$ENV_DISCOURSE_HOSTNAME) {
           rewrite (.*) https://$$ENV_DISCOURSE_HOSTNAME$1 permanent;
        }
+  - replace:
+     filename: "/etc/nginx/conf.d/discourse.conf"
+     from: /add_header Referrer-Policy 'no-referrer-when-downgrade';/m
+     to: |
+       add_header Referrer-Policy 'no-referrer-when-downgrade';
+       add_header Strict-Transport-Security 'max-age=31536000'; # remember the certificate for a year and automatically connect to HTTPS for this domain
-- 
2.25.1