
hsts upgrade

benadida committed Oct 27, 2017
1 parent 8cc0c5a commit 04ad8dff30e8b9aa0655d826914c54504c03f104
Showing with 3 additions and 3 deletions.
  1. +3 −3 settings.py
@@ -100,11 +100,11 @@ def get_from_env(var, default):
SESSION_COOKIE_HTTPONLY = True
# one week HSTS seems like a good balance for MITM prevention
# let's go with one year because that's the way to do it now
if (get_from_env('HSTS', '0') == '1'):
SECURE_HSTS_SECONDS = 3600 * 24 * 7
SECURE_HSTS_SECONDS = 52 * 3600 * 24 * 7
# not doing subdomains for now cause that is not likely to be necessary and can screw things up.
SECURE_HSTS_INCLUDE_SUBDOMAINS = False
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
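Review bot: The comment directly above `SECURE_HSTS_INCLUDE_SUBDOMAINS = True` still says subdomains are not being covered because that "can screw things up", so the new value contradicts its own documentation; replace it with something like `# includeSubDomains: every subdomain must serve valid HTTPS for the full max-age`. With a max-age of about a year this is hard to roll back, because a browser that has seen the header will refuse plain HTTP on any subdomain until the policy expires, so confirm that no subdomain is HTTP-only before `HSTS=1` is set in production. Separately, `52 * 3600 * 24 * 7` is 364 days (31449600 seconds), not the one year the comment names; if the conventional value is intended, use `SECURE_HSTS_SECONDS = 31536000`. The rendered page has lost the +/- markers and the indentation under the `if`, so this note assumes the second line of each duplicated pair is the new side.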
