Allow apache to control the HSTS setting
authorTom Hughes <tom@compton.nu>
Thu, 11 Jan 2018 19:44:20 +0000 (19:44 +0000)
committerTom Hughes <tom@compton.nu>
Thu, 11 Jan 2018 19:44:20 +0000 (19:44 +0000)
config/initializers/secure_headers.rb

index 12b31a0c094003ddeaa73b8d473b37827431abcf..b0b45aa13125f355fd56ca74b31217f0d970af8f 100644 (file)
@@ -27,6 +27,7 @@ cookie_policy = {
 }
 
 SecureHeaders::Configuration.default do |config|
+  config.hsts = SecureHeaders::OPT_OUT
   config.csp = SecureHeaders::OPT_OUT
   config.csp_report_only = csp_policy
   config.cookies = cookie_policy