Replaces the presence-only `grep -qi strict-transport-security` smoke assertion in both nightly.yml and release.yml with a value-pinning regex that requires `max-age=31536000`, `includeSubDomains`, and `preload`. A future Caddyfile edit that drops any of those three parts now fails the deploy smoke step instead of passing silently.

Verified locally that the new pattern matches the preload-eligible value and rejects three degraded forms (short max-age, missing includeSubDomains, missing preload).

Addresses @sara's round-2 note on PR #499 — "presence check, not value check".

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
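The difference between the presence check and a value-pinning check, as an added example that is not the commit's own workflow code. The function names, the per-directive patterns and the sample header lines are assumptions constructed for illustration; the commit's actual regex is not shown on this page.

```shell
#!/bin/sh
# Added illustration; function names and patterns are hypothetical,
# not taken from nightly.yml or release.yml.

# Presence-only check: succeeds for any HSTS header, whatever its value.
hsts_present() {
    printf '%s\n' "$1" | grep -qi 'strict-transport-security'
}

# Value-pinning check: succeeds only if the header carries all three
# directives. Each directive is matched on its own so order is free,
# and the trailing delimiter stops max-age=315360000 from matching.
hsts_pinned() {
    # Strip CRs (curl -I output is CRLF) and take the first HSTS line.
    hdr=$(printf '%s\n' "$1" | tr -d '\r' \
        | grep -i '^strict-transport-security:' | head -n 1)
    [ -n "$hdr" ] || return 1
    value=$(printf '%s' "$hdr" | cut -d: -f2-)
    for directive in 'max-age=31536000' 'includeSubDomains' 'preload'; do
        printf '%s' "$value" \
            | grep -Eqi "(^|[;[:space:]])${directive}[[:space:]]*(;|\$)" \
            || return 1
    done
}

# Constructed sample header lines (not captured from a real deployment).
GOOD='strict-transport-security: max-age=31536000; includeSubDomains; preload'
SHORT_AGE='strict-transport-security: max-age=3600; includeSubDomains; preload'
NO_SUBDOMAINS='Strict-Transport-Security: max-age=31536000; preload'
NO_PRELOAD='Strict-Transport-Security: max-age=31536000; includeSubDomains'

# Show both checks side by side for each sample.
for h in "$GOOD" "$SHORT_AGE" "$NO_SUBDOMAINS" "$NO_PRELOAD"; do
    if hsts_present "$h"; then p=pass; else p=fail; fi
    if hsts_pinned "$h"; then v=pass; else v=fail; fi
    printf 'presence=%s pinned=%s  %s\n' "$p" "$v" "$h"
done
```

In a smoke step the function argument would be the response headers from the deployed site, for example the output of `curl -sI` against it.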
4.4 KiB