From 1c6425201515851e1bdbdff477a9740da3d89136 Mon Sep 17 00:00:00 2001
From: David Dosoudil <69464125+phantomski77@users.noreply.github.com>
Date: Sat, 13 Mar 2021 12:40:47 +0000
Subject: [PATCH] Update _hsts.conf template

I propose the change to max-age value of HSTS from 1 year to 2 years.
---
 backend/templates/_hsts.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/templates/_hsts.conf b/backend/templates/_hsts.conf
index cd8ec18a..11aecf24 100644
--- a/backend/templates/_hsts.conf
+++ b/backend/templates/_hsts.conf
@@ -1,8 +1,8 @@
 {% if certificate and certificate_id > 0 -%}
 {% if ssl_forced == 1 or ssl_forced == true %}
 {% if hsts_enabled == 1 or hsts_enabled == true %}
- # HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year)
- add_header Strict-Transport-Security "max-age=31536000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always;
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
+ add_header Strict-Transport-Security "max-age=63072000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always;
+{% endif %}
 {% endif %}
 {% endif %}
-{% endif %}
\ No newline at end of file
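Review bot: The `preload` token on the new `add_header` line is still emitted for every host with HSTS enabled, even when `hsts_subdomains` is off, and this change doubles how long browsers keep the policy. The preload list's submission requirements ask for `includeSubDomains` together with `preload`, so without it the header signals a preload intent it cannot meet, and with both set the domain becomes eligible for a preload-list entry that is slow to undo. Consider emitting `preload` only inside the subdomains conditional, e.g. `{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains; preload{% endif %}`, or gating it on a setting of its own. The comment above the directive could also note that switching HSTS off later only takes effect for a browser once it has received `max-age=0` over HTTPS.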