From 734905d1f7b0dd3fd0417b91d28b2a3ec132b124 Mon Sep 17 00:00:00 2001
From: Omar Roth
Date: Tue, 30 Apr 2019 20:53:56 -0500
Subject: [PATCH] Bump max-age for HSTS
---
 src/invidious.cr | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/invidious.cr b/src/invidious.cr
index 0690c1d8..2e031c7d 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -188,7 +188,7 @@ before_all do |env|
 env.response.headers["Referrer-Policy"] = "same-origin"
 if Kemal.config.ssl || config.https_only
- env.response.headers["Strict-Transport-Security"] = "max-age=604800; includeSubDomains"
+ env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
 end
 begin
@@ -5189,7 +5189,7 @@ if Kemal.config.ssl
 redirect_url += "?#{env.request.query}"
 end
- env.response.headers["Strict-Transport-Security"] = "max-age=604800; includeSubDomains"
+ env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
 env.response.headers["Location"] = redirect_url
 env.response.status_code = 301
 end
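Review bot: The new header value in the `before_all` hunk sends `preload` together with `includeSubDomains` on every deployment where `Kemal.config.ssl` or `config.https_only` is set, and nothing visible lets the operator opt out. `preload` signals consent to the domain being hard-coded into browser preload lists, after which every subdomain of the operator's domain must serve valid HTTPS and removal is slow, so a one-year policy with `preload` is a decision for the domain owner rather than the application. Consider gating the header, or at least the `preload` token, behind an operator setting, e.g. `if (Kemal.config.ssl || config.https_only) && config.hsts`, where `config.hsts` is a new option (the name is a suggestion, not an existing field). The same literal is repeated in the second hunk at line 5189, so a single constant would keep the two values in sync. The `before_all` block continues outside the hunk.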
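Review bot: The `Strict-Transport-Security` header in the second hunk is set on the response that issues the 301 to `redirect_url`, and if that handler is the plain-HTTP redirect listener (its definition is outside the hunk, so this is inferred) the bumped value has no effect there. Browsers ignore HSTS received over an insecure transport (RFC 6797, section 8.1), so the effective policy is only the one set in `before_all`. If that is the case, either drop the line or add a comment above it such as `# HSTS is ignored over plain HTTP; the effective policy is set in before_all`, so a later reader does not assume this path establishes the policy.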