Yash Thakur edited this page Oct 7, 2017 · 4 revisions

HTTP Strict Transport Security

HSTS is a web security policy mechanism that helps protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should interact with them only over secure HTTPS connections, and never via the insecure HTTP protocol. You can read more about HSTS here

How is it implemented in React-PWA?
HSTS is enabled by default in src > config > config.js. It takes effect only when the domain is served over HTTPS; it does not work when the domain is on HTTP. To disable it, set enabled: false in the following code.
...
hsts: {
    enabled: true,
    // maxAge: Must be at least 18 weeks to be approved by Google, but we are setting it to 1 year
    maxAge: 31536000,
    // Must be enabled to be approved by Google
    includeSubDomains: true,
    preload: false,
},
...
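How a config block like this maps onto the Strict-Transport-Security response header, as an added example that is not React-PWA's own code. The names buildHstsHeader and hstsMiddleware are hypothetical, the middleware assumes an Express-style req.secure and res.setHeader, and the 18-week preload minimum is taken from the comment in the config above.

```javascript
// Added illustration; function names are hypothetical, not part of React-PWA.
// 18 weeks in seconds, the preload minimum stated in the config comment above.
const MIN_PRELOAD_MAX_AGE = 18 * 7 * 24 * 60 * 60;

// Turn the hsts config object into a header value, or null when disabled.
function buildHstsHeader(hsts) {
  if (!hsts || !hsts.enabled) return null;
  const maxAge = Number(hsts.maxAge);
  if (!Number.isInteger(maxAge) || maxAge < 0) {
    throw new RangeError("hsts.maxAge must be a non-negative integer (seconds)");
  }
  // Fail at startup rather than ship a preload directive that cannot qualify.
  if (hsts.preload && (!hsts.includeSubDomains || maxAge < MIN_PRELOAD_MAX_AGE)) {
    throw new Error("preload needs includeSubDomains and maxAge >= 18 weeks");
  }
  const directives = [`max-age=${maxAge}`];
  if (hsts.includeSubDomains) directives.push("includeSubDomains");
  if (hsts.preload) directives.push("preload");
  return directives.join("; ");
}

// Express-style middleware (assumed shape: req.secure, res.setHeader, next).
function hstsMiddleware(hsts) {
  const value = buildHstsHeader(hsts);
  return (req, res, next) => {
    // Browsers ignore the header on plain HTTP, so send it on HTTPS only.
    if (value && req.secure) res.setHeader("Strict-Transport-Security", value);
    next();
  };
}

// Constructed sample: the default values shown in the config on this page.
const sampleConfig = {
  enabled: true,
  maxAge: 31536000,
  includeSubDomains: true,
  preload: false,
};
```

Behind a TLS-terminating proxy, req.secure reflects the original scheme only if the framework is told to trust the proxy's forwarded headers.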