diff options
| author | Claudio B. <claudiob@users.noreply.github.com> | 2015-09-13 20:21:31 -0700 |
|---|---|---|
| committer | Claudio B. <claudiob@users.noreply.github.com> | 2015-09-13 20:21:31 -0700 |
| commit | 174a57e1cb4dbd9ef60b136d2c2d380085691956 (patch) | |
| tree | b400816ff9a5384f8e19728dc6967399eac8bd9f /actionpack | |
| parent | e57bf9d28be9e480df827d4c83a42ecfa166b092 (diff) | |
| parent | 7c4716008d79f518586453520bc7dc2d78c98205 (diff) | |
| download | rails-174a57e1cb4dbd9ef60b136d2c2d380085691956.tar.gz rails-174a57e1cb4dbd9ef60b136d2c2d380085691956.tar.bz2 rails-174a57e1cb4dbd9ef60b136d2c2d380085691956.zip | |
Merge pull request #21617 from lunks/patch-1
Fix HSTS default expire in ActionDispatch::SSL docs.
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/ssl.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/ssl.rb b/actionpack/lib/action_dispatch/middleware/ssl.rb index b72953f1d1..47f475559a 100644 --- a/actionpack/lib/action_dispatch/middleware/ssl.rb +++ b/actionpack/lib/action_dispatch/middleware/ssl.rb @@ -15,7 +15,8 @@ module ActionDispatch # # Configure HSTS with `hsts: { … }`: # * `expires`: How long, in seconds, these settings will stick. Defaults to - # `18.weeks`, the minimum required to qualify for browser preload lists. + # `180.days` (recommended). The minimum required to qualify for browser + # preload lists is `18.weeks`. # * `subdomains`: Set to `true` to tell the browser to apply these settings # to all subdomains. This protects your cookies from interception by a # vulnerable site on a subdomain. Defaults to `false`. |