From c9169e41a1448d5cd8f0197412f012e4b7e16508 Mon Sep 17 00:00:00 2001 From: Liran Tal Date: Wed, 13 Apr 2016 13:42:21 +0300 Subject: [PATCH] fix(hsts): removing hsts configuration set on lusca's csrf settings but is already configured and provided using helmet --- config/env/default.js | 5 ----- 1 file changed, 5 deletions(-) diff --git a/config/env/default.js b/config/env/default.js index b19e5e7d..75a908d1 100644 --- a/config/env/default.js +++ b/config/env/default.js @@ -34,11 +34,6 @@ module.exports = { csp: { /* Content Security Policy object */}, xframe: 'SAMEORIGIN', p3p: 'ABCDEF', - hsts: { - maxAge: 31536000, // Forces HTTPS for one year - includeSubDomains: true, - preload: true - }, xssProtection: true }, logo: 'modules/core/client/img/brand/logo.png',