From 0f10e0836b9b2b1de552e4075499d1a903e8f13e Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Mon, 3 Aug 2020 20:40:44 -0400
Subject: [PATCH] fix: remove duplicate configuration for helmet-hsts

---
 src/webserver.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/webserver.js b/src/webserver.js
index 77f0d4b474..ebf0828bde 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -164,9 +164,7 @@ function setupExpressApp(app) {
 		saveUninitialized: nconf.get('sessionSaveUninitialized') || false,
 	}));
 
-	app.use(helmet({
-		hsts: !!meta.config['hsts-enabled'],
-	}));
+	app.use(helmet());
 	app.use(helmet.referrerPolicy({ policy: 'strict-origin-when-cross-origin' }));
 	if (meta.config['hsts-enabled']) {
 		app.use(helmet.hsts({