2018-01-18 12:25 CET

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0001703openmediavaultBugpublic2017-03-20 07:55
Assigned Tovotdev 
Product Version 
Target VersionFixed in Version 
Summary0001703: WebGUI HSTS breaks other web services on iOS
DescriptionIf you select to use TLS/SSL only on the WebGUI (General > WebAdministration > Secure Connection) this forces OMV to send the header "Strict-Transport-Security: max-age=15768000; includeSubdomains" according to /usr/share/openmediavault/mkconf/nginx.d/10webgui.

This sometimes might prevent the WebGUI from loading on iOS where the webpage gets stuck in a perpetual reloading. The times when eventually the webpage loads, forcing HSTS breaks other web applications (i.e. PlexPy) and force any web traffic to the given domain or subdomain (to which HSTS applies) to connect over TLS.
Steps To ReproduceSet the WebUI to use TLS only.
Browse to the WebUI with an iOS device.
Product build
Attached Files




votdev (administrator)

HSTS is a security option which is necessary. It is a bad idea to run other services on the same port.

-Issue History
Date Modified Username Field Change
2017-03-18 12:44 kavejo New Issue
2017-03-18 12:44 kavejo Status new => assigned
2017-03-18 12:44 kavejo Assigned To => votdev
2017-03-18 12:44 kavejo Tag Attached: WebGUI
2017-03-20 07:55 votdev Note Added: 0004669
+Issue History