Skip to content

Commit

Permalink
chore(security): Increase hsts period
Browse files Browse the repository at this point in the history 
Update the security config to use recommended HSTS period: 1yr

[Note]
- Apply after verifying nothing breaks on site.

[Docs]
See HSTS MDN docs:
https://developer.mozilla.org/en-US/docs/Web/Security/Practical_implementation_guides/TLS#http_strict_transport_security_implementation
  • Loading branch information
@apexDev37
apexDev37 committed Feb 10, 2025
1 parent ca9405c commit 60358a3
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions src/config/settings/common/security.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,7 @@
# ========================= #
# Tell browser to load your site over HTTPS only.
# Note: Browsers will refuse to allow users to bypass insecure warnings to connect.
# TODO(apexDev37): Update `SECURE_HSTS_SECONDS` to recommended minimum after testing nothing breaks.
SECURE_HSTS_SECONDS = 3600
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True

Expand Down

0 comments on commit 60358a3

Please sign in to comment.