config/config.exs

@@ -487,7 +487,7 @@
 config :pleroma, :http_security,
   enabled: true,
   sts: false,
-  sts_max_age: 31_536_000,
+  sts_max_age: 63_072_000,
   ct_max_age: 2_592_000,
   referrer_policy: "same-origin"
 

config/description.exs

@@ -1750,7 +1750,7 @@
         label: "STS max age",
         type: :integer,
         description: "The maximum age for the Strict-Transport-Security header if sent",
-        suggestions: [31_536_000]
+        suggestions: [63_072_000]
       },
       %{
         key: :ct_max_age,

docs/docs/installation/openbsd_en.md

@@ -167,7 +167,7 @@ http protocol plerup { # Protocol for upstream akkoma server
 	match response header append "Referrer-Policy" value "same-origin"
 	match response header append "Content-Security-Policy" value "default-src 'none'; base-uri 'self'; form-action 'self'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self'; connect-src 'self' wss://CHANGEME.tld; upgrade-insecure-requests;" # Modify "CHANGEME.tld" and set your instance's domain here
 	match request header append "Connection" value "upgrade"
-	#match response header append "Strict-Transport-Security" value "max-age=31536000; includeSubDomains" # Uncomment this only after you get HTTPS working.
+	#match response header append "Strict-Transport-Security" value "max-age=63072000; includeSubDomains" # Uncomment this only after you get HTTPS working.
 
 	# If you do not want remote frontends to be able to access your Akkoma backend server, comment these lines
 	match response header append "Access-Control-Allow-Origin" value "*"