We currently have custom HSTS-specific settings in the Domain object. We should migrate these to the normal Header configuration that we have for all our other headers:
|
# Strict-Transport-Security header options |
|
# These are not exposed to users because it's easy to misconfigure things |
|
# and hard to back out changes cleanly |
|
hsts_max_age = models.PositiveIntegerField( |
|
default=0, |
|
help_text=_('Set a custom max-age (eg. 31536000) for the HSTS header') |
|
) |
|
hsts_include_subdomains = models.BooleanField( |
|
default=False, |
|
help_text=_('If hsts_max_age > 0, set the includeSubDomains flag with the HSTS header') |
|
) |
|
hsts_preload = models.BooleanField( |
|
default=False, |
|
help_text=_('If hsts_max_age > 0, set the preload flag with the HSTS header') |
|
) |
|
class HTTPHeader(TimeStampedModel, models.Model): |
