Enable HSTS for subdomains (#5295)

Fixes TOB-RGM-4 Signed-off-by: Samuel Giddins <[email protected]>
rubygems · Dec 13, 2024 · b179be5 · b179be5
1 parent 0a81b21
commit b179be5
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -44,7 +44,7 @@
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
   config.force_ssl = true
   config.ssl_options = {
-    hsts: { expires: 365.days, subdomains: false },
+    hsts: { expires: 365.days, subdomains: true },
     redirect: {
       exclude: ->(request) { request.path.start_with?('/internal') }
     }

diff --git a/config/environments/staging.rb b/config/environments/staging.rb
@@ -50,7 +50,7 @@
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
   config.force_ssl = true
   config.ssl_options = {
-    hsts: { expires: 365.days, subdomains: false },
+    hsts: { expires: 365.days, subdomains: true },
     redirect: {
       exclude: ->(request) { request.path.start_with?('/internal') }
     }