
Chrome's HSTS policy: for .app domains, Chrome forces access over HTTPS. For example:

http://hitube.app is rewritten to
https://hitube.app

You can open chrome://net-internals/#hsts and look the domain up under Query HSTS/PKP domain:


static_sts_domain: app
static_upgrade_mode: FORCE_HTTPS
static_sts_include_subdomains: true
static_sts_observed: 1540270800
static_pkp_domain: 
static_pkp_include_subdomains: 
static_pkp_observed: 
static_spki_hashes: 
dynamic_sts_domain: hitube.app
dynamic_upgrade_mode: FORCE_HTTPS
dynamic_sts_include_subdomains: false
dynamic_sts_observed: 1542096503.341038
dynamic_sts_expiry: 1628496503.341037
dynamic_pkp_domain: 
dynamic_pkp_include_subdomains: 
dynamic_pkp_observed: 
dynamic_pkp_expiry: 
dynamic_spki_hashes: 

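For ordinary domains, the policy can be removed with Delete domain security policies, but for .app domains it cannot: that function only clears dynamic entries, and the static entry for app shown above stays in place. The only option is to install a certificate.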
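As an added example (not part of the original post), this Python sketch parses the query result above and shows why deleting the policy does not help for hitube.app: the static entry for app with include_subdomains still applies. The function names and the `now` timestamp are assumptions made for the illustration.

```python
from datetime import datetime, timezone

# Query result copied from the page (empty PKP fields omitted).
QUERY_DUMP = """\
static_sts_domain: app
static_upgrade_mode: FORCE_HTTPS
static_sts_include_subdomains: true
static_sts_observed: 1540270800
dynamic_sts_domain: hitube.app
dynamic_upgrade_mode: FORCE_HTTPS
dynamic_sts_include_subdomains: false
dynamic_sts_observed: 1542096503.341038
dynamic_sts_expiry: 1628496503.341037
"""

def parse_dump(text):
    """Turn 'key: value' lines into a dict; blank values become None."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip() or None
    return fields

def entry_applies(fields, kind, host):
    """True if the static_ or dynamic_ entry forces HTTPS for host."""
    domain = fields.get(kind + "_sts_domain")
    if domain is None or fields.get(kind + "_upgrade_mode") != "FORCE_HTTPS":
        return False
    subs = fields.get(kind + "_sts_include_subdomains") == "true"
    return host == domain or (subs and host.endswith("." + domain))

def analyse(host, fields, now):
    """Which entries force HTTPS for host, and does deleting policies help?"""
    observed = float(fields.get("dynamic_sts_observed") or 0)
    expiry = float(fields.get("dynamic_sts_expiry") or 0)
    static = entry_applies(fields, "static", host)
    dynamic = now < expiry and entry_applies(fields, "dynamic", host)
    return {
        "static": static,
        "dynamic": dynamic,
        # Deleting policies removes only the dynamic entry; a static hit remains.
        "still_https_after_delete": static,
        "max_age_seconds": round(expiry - observed),
        "dynamic_expires": datetime.fromtimestamp(expiry, timezone.utc).date().isoformat(),
    }

if __name__ == "__main__":
    # now is a constructed timestamp shortly after the dynamic entry was observed.
    print(analyse("hitube.app", parse_dump(QUERY_DUMP), now=1542100000))
```

The difference between dynamic_sts_observed and dynamic_sts_expiry corresponds to the max-age the site sent in its Strict-Transport-Security header.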

I noticed that the site's CSS expiry time was rather short, so I opened the nginx configuration and found the following:

    location ~ .*\.(js|css)?$
    {
        expires      12h;
    }

But in Chrome's Network panel, the response shows:

Cache-Control: max-age=43200

Expires: Thu, 01 Nov 2018 12:59:27 GMT

Cache-Control overrides the Expires header, and Cache-Control is supported by a wider range of browsers, so add the following:


add_header    Cache-Control  max-age=604800;

Then reload the nginx configuration:


/usr/local/nginx/sbin/nginx -s reload