feat: update strict transport security header to 2 years (#1164)

americanexpress · Oct 30, 2023 · dcaa34b · dcaa34b
1 parent 273f64b
commit dcaa34b
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/__tests__/server/middleware/addSecurityHeaders.spec.js b/__tests__/server/middleware/addSecurityHeaders.spec.js
@@ -26,7 +26,7 @@ describe('addSecurityHeaders', () => {
     const securityHeaders = {
       'X-Frame-Options': 'DENY',
       'X-Content-Type-Options': 'nosniff',
-      'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
+      'Strict-Transport-Security': 'max-age=63072000; includeSubDomains',
       'X-XSS-Protection': '1; mode=block',
       'Referrer-Policy': 'same-origin',
     };

diff --git a/src/server/middleware/addSecurityHeaders.js b/src/server/middleware/addSecurityHeaders.js
@@ -17,7 +17,7 @@
 export default function addSecurityHeaders(req, res, next) {
   res.set('X-Frame-Options', 'DENY');
   res.set('X-Content-Type-Options', 'nosniff');
-  res.set('Strict-Transport-Security', 'max-age=15552000; includeSubDomains');
+  res.set('Strict-Transport-Security', 'max-age=63072000; includeSubDomains');
   res.set('X-XSS-Protection', '1; mode=block');
   res.set('Referrer-Policy', process.env.ONE_REFERRER_POLICY_OVERRIDE || 'same-origin');
   next();