Merge pull request #1309 from lirantal/bugfix/hsts-already-defined-by-helmet

fix(hsts): removing HSTS configuration set on lusca's csrf settings
This commit is contained in:
Liran Tal
2016-04-22 08:44:11 +03:00

View File

@@ -34,11 +34,6 @@ module.exports = {
csp: { /* Content Security Policy object */},
xframe: 'SAMEORIGIN',
p3p: 'ABCDEF',
hsts: {
maxAge: 31536000, // Forces HTTPS for one year
includeSubDomains: true,
preload: true
},
xssProtection: true
},
logo: 'modules/core/client/img/brand/logo.png',