diff --git a/config/config.exs b/config/config.exs index ba77d8b02..cab4a0845 100644 --- a/config/config.exs +++ b/config/config.exs @@ -487,7 +487,7 @@ config :pleroma, Pleroma.Web.Preload, config :pleroma, :http_security, enabled: true, sts: false, - sts_max_age: 31_536_000, + sts_max_age: 63_072_000, ct_max_age: 2_592_000, referrer_policy: "same-origin" diff --git a/config/description.exs b/config/description.exs index 287abb747..cd1f00339 100644 --- a/config/description.exs +++ b/config/description.exs @@ -1750,7 +1750,7 @@ config :pleroma, :config_description, [ label: "STS max age", type: :integer, description: "The maximum age for the Strict-Transport-Security header if sent", - suggestions: [31_536_000] + suggestions: [63_072_000] }, %{ key: :ct_max_age, diff --git a/docs/docs/installation/openbsd_en.md b/docs/docs/installation/openbsd_en.md index e4ee661b1..8b2c459dc 100644 --- a/docs/docs/installation/openbsd_en.md +++ b/docs/docs/installation/openbsd_en.md @@ -167,7 +167,7 @@ http protocol plerup { # Protocol for upstream akkoma server match response header append "Referrer-Policy" value "same-origin" match response header append "Content-Security-Policy" value "default-src 'none'; base-uri 'self'; form-action 'self'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self'; connect-src 'self' wss://CHANGEME.tld; upgrade-insecure-requests;" # Modify "CHANGEME.tld" and set your instance's domain here match request header append "Connection" value "upgrade" - #match response header append "Strict-Transport-Security" value "max-age=31536000; includeSubDomains" # Uncomment this only after you get HTTPS working. + #match response header append "Strict-Transport-Security" value "max-age=63072000; includeSubDomains" # Uncomment this only after you get HTTPS working. # If you do not want remote frontends to be able to access your Akkoma backend server, comment these lines match response header append "Access-Control-Allow-Origin" value "*"