strapi/docs/security/hsts.md
2016-03-22 18:11:11 +01:00

title
HSTS

Enables HTTP Strict Transport Security for the host domain.

The preload flag is required for HSTS domain submissions to Chrome's HSTS preload list.

Configuration

Configuration:

  • Key: hsts
  • Environment: development
  • Location: ./config/environments/development/security.json
  • Type: object

Example:

{
  "hsts": {
    "maxAge": 31536000,
    "includeSubDomains": true
  }
}

Options:

  • maxAge (integer): Number of seconds the HSTS policy stays in effect (the header's max-age value).
  • includeSubDomains (boolean): Applies HSTS to all subdomains of the host.

Notes:

  • Set hsts to false to disable HSTS.
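
As an added example (not Strapi's own code), the sketch below shows how an hsts object like the one above maps to a Strict-Transport-Security header value, and checks a header value against the preload list's header requirements (max-age of at least 31536000 seconds, includeSubDomains, preload). The function names and the preload config key are assumptions; the page mentions a preload flag but does not list its key.

```javascript
// Minimum max-age accepted by the preload list: one year, in seconds.
const PRELOAD_MIN_MAX_AGE = 31536000;

// Hypothetical helper: turn an `hsts` config value into the header value,
// or null when HSTS is disabled ("hsts": false).
function buildHstsHeader(hsts) {
  if (hsts === false || hsts == null) return null;
  if (!Number.isInteger(hsts.maxAge) || hsts.maxAge < 0) {
    throw new TypeError('hsts.maxAge must be a non-negative integer (seconds)');
  }
  const parts = ['max-age=' + hsts.maxAge];
  if (hsts.includeSubDomains) parts.push('includeSubDomains');
  if (hsts.preload) parts.push('preload'); // assumed key name, not listed on the page
  return parts.join('; ');
}

// Parse a Strict-Transport-Security value; directive names are case-insensitive.
function parseHstsHeader(value) {
  const out = { maxAge: null, includeSubDomains: false, preload: false };
  for (const raw of value.split(';')) {
    const [name, arg = ''] = raw.trim().split('=');
    const key = name.trim().toLowerCase();
    if (key === 'max-age') {
      const digits = arg.trim().replace(/^"(.*)"$/, '$1'); // quoted form is allowed
      if (/^\d+$/.test(digits)) out.maxAge = Number(digits);
    } else if (key === 'includesubdomains') out.includeSubDomains = true;
    else if (key === 'preload') out.preload = true;
  }
  return out;
}

// List what stops a header value from meeting the preload header requirements.
function preloadProblems(value) {
  const p = parseHstsHeader(value);
  const problems = [];
  if (p.maxAge === null) problems.push('missing or invalid max-age');
  else if (p.maxAge < PRELOAD_MIN_MAX_AGE) problems.push('max-age below 31536000');
  if (!p.includeSubDomains) problems.push('includeSubDomains missing');
  if (!p.preload) problems.push('preload missing');
  return problems;
}

// The page's example config: a valid HSTS policy, but not preload-eligible.
const pageExample = { maxAge: 31536000, includeSubDomains: true };
const header = buildHstsHeader(pageExample);
console.log(header, preloadProblems(header));
```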