From d98741690124a266da0d1a0cfe348f7ec78e5e9f Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Thu, 11 Jan 2018 19:44:20 +0000
Subject: [PATCH] Allow apache to control the HSTS setting

---
 config/initializers/secure_headers.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 12b31a0c0..b0b45aa13 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -27,6 +27,7 @@ cookie_policy = {
 }
 
 SecureHeaders::Configuration.default do |config|
+  config.hsts = SecureHeaders::OPT_OUT
   config.csp = SecureHeaders::OPT_OUT
   config.csp_report_only = csp_policy
   config.cookies = cookie_policy
-- 
2.43.2