From 9cac89b23b2fd1f59351c68d115133e95da70b0f Mon Sep 17 00:00:00 2001
From: David McKee
Date: Thu, 6 Oct 2022 15:04:01 +0100
Subject: [PATCH] Boost Strict Transport Security (force HTTPS) to six days
---
 config/settings/production.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/settings/production.py b/config/settings/production.py
index 0b90c8db4..41336cc43 100644
--- a/config/settings/production.py
+++ b/config/settings/production.py
@@ -38,7 +38,7 @@
 # https://docs.djangoproject.com/en/dev/topics/security/#ssl-https
 # https://docs.djangoproject.com/en/dev/ref/settings/#secure-hsts-seconds
 # TODO: set this to 60 seconds first and then to 518400 once you prove the former works
-SECURE_HSTS_SECONDS = 60
+SECURE_HSTS_SECONDS = 6 * 24 * 3600
 # https://docs.djangoproject.com/en/dev/ref/settings/#secure-hsts-include-subdomains
 SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
 "DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS", default=True
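Review bot: The TODO kept as context directly above `SECURE_HSTS_SECONDS` is now stale, because 6 * 24 * 3600 is exactly the 518400 it tells you to move to; replace it with a comment that records the decision, e.g. `# HSTS max-age: six days (518400 s); browsers keep forcing HTTPS for this long, so a rollback is not immediate`. With `SECURE_HSTS_INCLUDE_SUBDOMAINS` defaulting to True just below, the longer max-age also pins every subdomain for that window, so it is worth confirming that all of them serve valid HTTPS before this ships. Six days still leaves a client that has not visited within the window unprotected against a downgrade on its next plain-HTTP request; once this value has proven itself, a follow-up raising it towards a year (the usual long-term value, and the minimum the browser preload list accepts) would close that gap. The `env.bool(` call at the end of the hunk continues outside it.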