Skip to content

Commit

Permalink
Merge pull request #386 from nationalarchives/371-strict-transport-se…
Browse files Browse the repository at this point in the history
…curity-one-week

Boost Strict Transport Security (force HTTPS) to six days
  • Loading branch information
Floppy authored Oct 10, 2022
2 parents 44c8264 + 9cac89b commit e03fb78
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion config/settings/production.py
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@
# https://docs.djangoproject.com/en/dev/topics/security/#ssl-https
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-hsts-seconds
# TODO: set this to 60 seconds first and then to 518400 once you prove the former works
SECURE_HSTS_SECONDS = 60
SECURE_HSTS_SECONDS = 6 * 24 * 3600
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-hsts-include-subdomains
SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
"DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS", default=True
Expand Down

0 comments on commit e03fb78

Please sign in to comment.