sts-sponsors team mailing list archive

Thread
Date

[Merge] ~ack/maas:1995084-bump-hsts-max-age into maas:master

To: mp+441659@xxxxxxxxxxxxxxxxxx
From: Alberto Donato <mp+441659@xxxxxxxxxxxxxxxxxx>
Date: Fri, 21 Apr 2023 08:52:23 -0000
In-reply-to: <168206712740.4771.6326386298323114088.launchpad@juju-4112d9-prod-launchpad-manual-servers-36.openstack.prodstack5.lan>
Reply-to: mp+441659@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Alberto Donato has proposed merging ~ack/maas:1995084-bump-hsts-max-age into maas:master.

Commit message:
bump HSTS max-age value to 6 months (reccomended minimum)



Requested reviews:
  MAAS Lander (maas-lander): unittests
  MAAS Maintainers (maas-maintainers)

For more details, see:
https://code.launchpad.net/~ack/maas/+git/maas/+merge/441659
-- 
Your team MAAS Maintainers is requested to review the proposed merge of ~ack/maas:1995084-bump-hsts-max-age into maas:master.

diff --git a/src/maasserver/templates/http/regiond.nginx.conf.template b/src/maasserver/templates/http/regiond.nginx.conf.template
index 13b1cbe..1c0c539 100644
--- a/src/maasserver/templates/http/regiond.nginx.conf.template
+++ b/src/maasserver/templates/http/regiond.nginx.conf.template
@@ -24,7 +24,7 @@ server {
     ssl_prefer_server_ciphers on;
     ssl_session_cache shared:SSL:10m;
 
-    add_header Strict-Transport-Security 'max-age=86400; includeSubdomains' always;
+    add_header Strict-Transport-Security 'max-age=15552000; includeSubdomains' always;
     {{else}}
     listen [::]:{{http_port}};
     listen {{http_port}};