Merge pull request #21617 from lunks/patch-1

Fix HSTS default expire in ActionDispatch::SSL docs.

Merge pull request #21617 from lunks/patch-1
Fix HSTS default expire in ActionDispatch::SSL docs.
174a57e1 · Claudio B. · e57bf9d2 · 7c471600 · 174a57e1
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

actionpack/lib/action_dispatch/middleware/ssl.rb actionpack/lib/action_dispatch/middleware/ssl.rb +2 -1

未找到文件。
--- a/actionpack/lib/action_dispatch/middleware/ssl.rb
+++ b/actionpack/lib/action_dispatch/middleware/ssl.rb
@@ -15,7 +15,8 @@ module ActionDispatch
  #
  # Configure HSTS with `hsts: { … }`:
  #   * `expires`: How long, in seconds, these settings will stick. Defaults to
-  #     `18.weeks`, the minimum required to qualify for browser preload lists.
+  #     `180.days` (recommended). The minimum required to qualify for browser
+  #     preload lists is `18.weeks`.
  #   * `subdomains`: Set to `true` to tell the browser to apply these settings
  #     to all subdomains. This protects your cookies from interception by a
  #     vulnerable site on a subdomain. Defaults to `false`.