From b396c8cbe5473746007369003cdac07224133f9e Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Thu, 11 Jan 2018 19:19:36 +0000 Subject: [PATCH] Allow apache to control the HSTS setting --- config/initializers/secure_headers.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb index f30a4b86c..12b31a0c0 100644 --- a/config/initializers/secure_headers.rb +++ b/config/initializers/secure_headers.rb @@ -27,7 +27,6 @@ cookie_policy = { } SecureHeaders::Configuration.default do |config| - config.hsts = "max-age=0" config.csp = SecureHeaders::OPT_OUT config.csp_report_only = csp_policy config.cookies = cookie_policy -- 2.39.5