Update HSTS to publish a max-age=0 to disable it
authorTom Hughes <tom@compton.nu>
Fri, 3 Mar 2017 11:34:39 +0000 (11:34 +0000)
committerTom Hughes <tom@compton.nu>
Fri, 3 Mar 2017 11:34:39 +0000 (11:34 +0000)
config/initializers/secure_headers.rb

index d1863fdd21e1090947cb88cc97790c9d285ced2a..e53ea6cef3d2e222a0d873e2cf2c4be0f53112ee 100644 (file)
@@ -21,6 +21,7 @@ else
 end
 
 SecureHeaders::Configuration.default do |config|
+  config.hsts = "max-age=0"
   config.csp = SecureHeaders::OPT_OUT
   config.csp_report_only = policy
 end
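Review bot: The added `config.hsts = "max-age=0"` has no comment, so a later reader cannot tell a deliberate HSTS withdrawal from a misconfiguration. A zero max-age tells browsers to discard any stored HSTS entry for the host, which is different from `SecureHeaders::OPT_OUT`, where the header is simply not sent and existing entries persist until they expire. I would put something like `# max-age=0 clears HSTS entries browsers already cached; OPT_OUT would only stop sending the header` above the line, plus a short note on why HSTS is being withdrawn and when it is expected to return. Browsers only honour this header on HTTPS responses, and once the entry is cleared a client's first plain-HTTP request is no longer upgraded locally. The comment should therefore also say whether a server-side HTTP-to-HTTPS redirect remains in place, which cannot be seen from this hunk.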