From 279d65981865496038b634a7b8821f269e6d8ab8 Mon Sep 17 00:00:00 2001
From: timothy-spencer
Date: Thu, 7 Nov 2019 09:57:42 -0800
Subject: [PATCH] added HSTS headers
---
 tock/tock/settings/base.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/tock/tock/settings/base.py b/tock/tock/settings/base.py
index 4459bbe90..4a15b9a31 100644
--- a/tock/tock/settings/base.py
+++ b/tock/tock/settings/base.py
@@ -127,3 +127,8 @@ AUTO_LOGOUT_DELAY_MINUTES = 60
 TOCK_CHANGE_REQUEST_FORM = 'https://docs.google.com/a/gsa.gov/forms/d/1EpVTxXgRNgYfoSA2J8Oi-csjhFKqFm5DT542vIlahpU/viewform?edit_requested=true'
+
+# enable HSTS according to https://cyber.dhs.gov/bod/18-01/
+SECURE_HSTS_SECONDS = 31536000
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
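Review bot: The three `SECURE_HSTS_*` settings added at the end of `base.py` only produce a `Strict-Transport-Security` header when `django.middleware.security.SecurityMiddleware` is in `MIDDLEWARE` and Django sees the request as HTTPS. Neither is visible in this hunk, so if TLS is terminated at a proxy in front of the app the header may silently never be sent unless `SECURE_PROXY_SSL_HEADER` is configured. A test that fetches a page with the test client's `secure=True` and asserts the header value would pin the behaviour. Because these live in the base settings with `includeSubDomains` and `preload` at a one-year max-age, every environment that inherits them commits its host and all subdomains to HTTPS for a year once a browser has seen the header. I would extend the comment to say so, e.g. `# one year is the BOD 18-01 minimum; includeSubDomains/preload bind every subdomain and are slow to undo`.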