Allow apache to control the HSTS setting

2018-01-11 19:44:20 +00:00 · 2018-01-11 19:44:20 +00:00 · d987416901
commit d987416901
parent b396c8cbe5
1 changed files with 1 additions and 0 deletions
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@ -27,6 +27,7 @@ cookie_policy = {
 }

 SecureHeaders::Configuration.default do |config|
+  config.hsts = SecureHeaders::OPT_OUT
  config.csp = SecureHeaders::OPT_OUT
  config.csp_report_only = csp_policy
  config.cookies = cookie_policy