From f27261fe4e0568bd3f09e1f0d59f1b550556214c Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Holcroft
Date: Fri, 30 Aug 2019 22:21:03 +0200
Subject: [PATCH] Enable HSTS in Django

---
 conf/settings_history/settings.3.8.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/conf/settings_history/settings.3.8.py b/conf/settings_history/settings.3.8.py
index e2a22fc..19c6901 100644
--- a/conf/settings_history/settings.3.8.py
+++ b/conf/settings_history/settings.3.8.py
@@ -631,8 +631,8 @@ X_FRAME_OPTIONS = 'DENY'
 SECURE_CONTENT_TYPE_NOSNIFF = True
 
 # Optionally enable HSTS
-SECURE_HSTS_SECONDS = 0
-SECURE_HSTS_PRELOAD = False
+SECURE_HSTS_SECONDS = 63072000 # as in Strict-Transport-Security : max-age=yunohost/data/templates/nginx/yunohost_admin.conf
+SECURE_HSTS_PRELOAD = False # already done by YunoHost
 SECURE_HSTS_INCLUDE_SUBDOMAINS = False
 
 # URL of login
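Review bot: The trailing comment on the new `SECURE_HSTS_SECONDS = 63072000` line reads as if max-age were a file path, and it does not say that the value is two years or that it must stay in step with the nginx template it cites; `# 2 years, same max-age as the Strict-Transport-Security header in YunoHost's nginx template (yunohost_admin.conf)` would be clearer. If nginx already sends that header, as both new comments suggest, responses may carry it twice once Django's SecurityMiddleware adds its own copy, so it is worth stating which layer owns the policy. Django only emits the header on requests it treats as secure, so behind the reverse proxy the setting may have no effect unless `SECURE_PROXY_SSL_HEADER` is configured elsewhere in the file, which the hunk does not show. `# already done by YunoHost` on `SECURE_HSTS_PRELOAD` is also ambiguous: the `preload` directive only signals consent to preload-list submission, so the comment should say what YunoHost actually does.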