Merge pull request #1064 from SISheogorath/fix/hstsSeconds

Fix wrong maxAgeSeconds multiplication
2018-11-21 01:29:04 +01:00
parent 2d241b9300 0aa3116805
commit 2244b11730
2 changed files with 2 additions and 2 deletions
--- a/app.js
+++ b/app.js
@@ -83,7 +83,7 @@ app.use(compression())
 // use hsts to tell https users stick to this
 if (config.hsts.enable) {
  app.use(helmet.hsts({
-    maxAge: config.hsts.maxAgeSeconds * 1000,
+    maxAge: config.hsts.maxAgeSeconds,
    includeSubdomains: config.hsts.includeSubdomains,
    preload: config.hsts.preload
  }))
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -13,7 +13,7 @@ module.exports = {
  useSSL: false,
  hsts: {
    enable: true,
-    maxAgeSeconds: 31536000,
+    maxAgeSeconds: 60 * 60 * 24 * 365,
    includeSubdomains: true,
    preload: true
  },