changeset 373:c68883dde00b

Increase HSTS header duration. Apparently 6 months isn't long enough and we need at least 12 months.
author IBBoard <dev@ibboard.co.uk>
date Tue, 15 Jun 2021 19:30:24 +0100
parents 94f34831132d
children 5f4fc00f8189
files modules/website/manifests/https/redir.pp modules/website/templates/https_core_conf.erb
diffstat 2 files changed, 2 insertions(+), 2 deletions(-) [+]
--- a/modules/website/manifests/https/redir.pp	Sat Apr 24 11:12:33 2021 +0100
+++ b/modules/website/manifests/https/redir.pp	Tue Jun 15 19:30:24 2021 +0100
@@ -98,7 +98,7 @@
     $group = $docroot_group
   }
 
-  $custom_conf = 'Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"
+  $custom_conf = 'Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
 Header set X-Xss-Protection "1; mode=block"
 Header set X-Content-Type-Options "nosniff"
 Header set X-Frame-Options "SAMEORIGIN"'
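Review bot: The HSTS policy string on the changed `$custom_conf` line is a second copy of the one in `modules/website/templates/https_core_conf.erb` (the other hunk of this commit), so every future change has to be made in both files and a missed edit would leave the two configurations advertising different lifetimes. Consider holding the value in a single parameter that both the manifest and the template read. Until then, a comment above the assignment would help, e.g. `# HSTS max-age in seconds (31536000 = 365 days); keep in sync with templates/https_core_conf.erb`. The enclosing definition starts and ends outside the hunk.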
--- a/modules/website/templates/https_core_conf.erb	Sat Apr 24 11:12:33 2021 +0100
+++ b/modules/website/templates/https_core_conf.erb	Tue Jun 15 19:30:24 2021 +0100
@@ -1,4 +1,4 @@
-Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"
+Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
 <%- if @csp -%>
 Header always set Content-Security-Policy "upgrade-insecure-requests; <%= @csp_string %>"
 <%- end -%>
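Review bot: Nothing next to the header on the first line records that browsers cache this policy. With `includeSubDomains`, the one-year value means any subdomain not serving valid HTTPS stays unreachable for up to a year for clients that have already seen the header. Removing the header later does not undo that; the policy has to be withdrawn by serving `max-age=0`. A template comment above the header would capture this, e.g. `<%# HSTS: one year, covers all subdomains; to back out serve max-age=0, do not just drop the header -%>`.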