From 139ef0a63444efdadefa41e7be2804f3423d332c Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Fri, 8 Dec 2017 00:31:13 +0100
Subject: [PATCH] net/haproxy: HSTS is only applicable to HTTP frontends

---
 .../opnsense/service/templates/OPNsense/HAProxy/haproxy.conf    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index bf9296f66..dd8db755c 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -607,7 +607,7 @@ frontend {{frontend.name}}
 {%             do ssl_options.append('ciphers ' ~ frontend.ssl_cipherList) %}
 {%           endif %}
 {#           # HSTS #}
-{%           if frontend.ssl_hstsEnabled|default("") == '1' %}
+{%           if frontend.ssl_hstsEnabled|default("") == '1' and frontend.mode == 'http' %}
     http-response set-header Strict-Transport-Security max-age={{frontend.ssl_hstsMaxAge}}
 {%           endif %}
 {%         endif %}