From a719203ee0d018c432575107d56bbe3d6b9ff0b5 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss <erdnaxe@crans.org>
Date: Sun, 30 Jan 2022 20:00:04 +0100
Subject: [PATCH] Include subdomains and preload in HSTS

---
 photo21/settings.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/photo21/settings.py b/photo21/settings.py
index 216bc96..41a845b 100644
--- a/photo21/settings.py
+++ b/photo21/settings.py
@@ -45,8 +45,10 @@ ADMINS = [
 SESSION_COOKIE_SECURE = not DEBUG
 CSRF_COOKIE_SECURE = not DEBUG
 
-# Remember HTTPS for 24h
-SECURE_HSTS_SECONDS = 86400
+# Remember HTTPS for 1 year
+SECURE_HSTS_SECONDS = 31536000
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
 
 # Application definition