Fix HSTS default expire in ActionDispatch::SSL docs.

author: Pedro Nascimento <pnascimento@gmail.com> 2015-09-13 23:58:39 -0300
committer: Pedro Nascimento <pnascimento@gmail.com> 2015-09-14 00:04:51 -0300
commit: 7c4716008d79f518586453520bc7dc2d78c98205 (patch)
tree: b400816ff9a5384f8e19728dc6967399eac8bd9f /actionpack
parent: e57bf9d28be9e480df827d4c83a42ecfa166b092 (diff)
download: rails-7c4716008d79f518586453520bc7dc2d78c98205.tar.gz
rails-7c4716008d79f518586453520bc7dc2d78c98205.tar.bz2
rails-7c4716008d79f518586453520bc7dc2d78c98205.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/ssl.rb b/actionpack/lib/action_dispatch/middleware/ssl.rb
index b72953f1d1..47f475559a 100644
--- a/actionpack/lib/action_dispatch/middleware/ssl.rb
+++ b/actionpack/lib/action_dispatch/middleware/ssl.rb
@@ -15,7 +15,8 @@ module ActionDispatch
   #
   # Configure HSTS with `hsts: { … }`:
   #   * `expires`: How long, in seconds, these settings will stick. Defaults to
-  #     `18.weeks`, the minimum required to qualify for browser preload lists.
+  #     `180.days` (recommended). The minimum required to qualify for browser
+  #     preload lists is `18.weeks`.
   #   * `subdomains`: Set to `true` to tell the browser to apply these settings
   #     to all subdomains. This protects your cookies from interception by a
   #     vulnerable site on a subdomain. Defaults to `false`.
author	Pedro Nascimento <pnascimento@gmail.com>	2015-09-13 23:58:39 -0300
committer	Pedro Nascimento <pnascimento@gmail.com>	2015-09-14 00:04:51 -0300
commit	7c4716008d79f518586453520bc7dc2d78c98205 (patch)
tree	b400816ff9a5384f8e19728dc6967399eac8bd9f /actionpack
parent	e57bf9d28be9e480df827d4c83a42ecfa166b092 (diff)
download	rails-7c4716008d79f518586453520bc7dc2d78c98205.tar.gz rails-7c4716008d79f518586453520bc7dc2d78c98205.tar.bz2 rails-7c4716008d79f518586453520bc7dc2d78c98205.zip