Update HSTS to publish a max-age=0 to disable it

author Tom Hughes <tom@compton.nu>

Fri, 3 Mar 2017 11:34:39 +0000 (11:34 +0000)

committer Tom Hughes <tom@compton.nu>

Fri, 3 Mar 2017 11:34:39 +0000 (11:34 +0000)
author Tom Hughes <tom@compton.nu>
Fri, 3 Mar 2017 11:34:39 +0000 (11:34 +0000)
committer Tom Hughes <tom@compton.nu>
Fri, 3 Mar 2017 11:34:39 +0000 (11:34 +0000)
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb

index d1863fdd21e1090947cb88cc97790c9d285ced2a..e53ea6cef3d2e222a0d873e2cf2c4be0f53112ee 100644 (file)
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -21,6 +21,7 @@ else
  end
  
  SecureHeaders::Configuration.default do |config|
+  config.hsts = "max-age=0"
    config.csp = SecureHeaders::OPT_OUT
    config.csp_report_only = policy
  end
author	Tom Hughes <tom@compton.nu>
	Fri, 3 Mar 2017 11:34:39 +0000 (11:34 +0000)
committer	Tom Hughes <tom@compton.nu>
	Fri, 3 Mar 2017 11:34:39 +0000 (11:34 +0000)