Boost Strict Transport Security (force HTTPS) to six days

nationalarchives · Oct 6, 2022 · 9cac89b · 9cac89b
1 parent 39c8800
commit 9cac89b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/config/settings/production.py b/config/settings/production.py
@@ -38,7 +38,7 @@
 # https://docs.djangoproject.com/en/dev/topics/security/#ssl-https
 # https://docs.djangoproject.com/en/dev/ref/settings/#secure-hsts-seconds
 # TODO: set this to 60 seconds first and then to 518400 once you prove the former works
-SECURE_HSTS_SECONDS = 60
+SECURE_HSTS_SECONDS = 6 * 24 * 3600
 # https://docs.djangoproject.com/en/dev/ref/settings/#secure-hsts-include-subdomains
 SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
     "DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS", default=True