HSTS
Yash Thakur edited this page Oct 7, 2017 · 4 revisions
HSTS (HTTP Strict Transport Security) is a web security policy mechanism that helps protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should interact with them only over secure HTTPS connections, and never via the insecure HTTP protocol. You can read more about HSTS here
- How is it implemented in React-PWA?

In `src > config > config.js` it is enabled by default. It takes effect when the domain is served over HTTPS and has no effect when the domain is on HTTP. If the developer wants to disable it, just use `enabled: false` in the following code.
```js
...
hsts: {
  enabled: true,
  // maxAge: Must be at least 18 weeks to be approved by Google, but we are setting it to 1 year
  maxAge: 31536000,
  // Must be enabled to be approved by Google
  includeSubDomains: true,
  preload: false,
},
...
```
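
To see what these settings mean on the wire, here is an added example (not React-PWA's own code) that turns an `hsts` object of the shape above into the `Strict-Transport-Security` response header, sends it only for HTTPS requests, and checks the preload criteria named in the config comments. The function names and the `requestIsHttps` flag are hypothetical; the requirement that the `preload` directive be present comes from the browser preload list rules, not from this page.

```javascript
// Added example: function names are hypothetical, not part of React-PWA.
// 18 weeks in seconds: the minimum max-age quoted in the config comment above.
const EIGHTEEN_WEEKS = 18 * 7 * 24 * 60 * 60; // 10886400

// Build the header value from an hsts config object.
// Returns null when HSTS is disabled and no header should be sent.
function buildHstsHeader(hsts) {
  if (!hsts || hsts.enabled === false) return null;
  const maxAge = Number(hsts.maxAge);
  if (!Number.isInteger(maxAge) || maxAge < 0) {
    throw new TypeError('hsts.maxAge must be a non-negative integer (seconds)');
  }
  const directives = [`max-age=${maxAge}`];
  if (hsts.includeSubDomains) directives.push('includeSubDomains');
  if (hsts.preload) directives.push('preload');
  return directives.join('; ');
}

// Browsers ignore HSTS received over plain HTTP, so emit it only on HTTPS.
// requestIsHttps is an assumption: derive it from your server or trusted proxy.
function hstsHeaderFor(hsts, requestIsHttps) {
  return requestIsHttps ? buildHstsHeader(hsts) : null;
}

// List the reasons a config would not qualify for browser preload lists.
function preloadProblems(hsts) {
  if (!hsts || hsts.enabled === false) return ['HSTS is disabled'];
  const problems = [];
  if (!(Number(hsts.maxAge) >= EIGHTEEN_WEEKS)) {
    problems.push(`maxAge is below ${EIGHTEEN_WEEKS} seconds (18 weeks)`);
  }
  if (!hsts.includeSubDomains) problems.push('includeSubDomains is not set');
  if (!hsts.preload) problems.push('preload directive is not set');
  return problems;
}

// The default values shown in config.js above.
const pageConfig = { enabled: true, maxAge: 31536000, includeSubDomains: true, preload: false };

console.log(hstsHeaderFor(pageConfig, true));  // header sent on HTTPS
console.log(hstsHeaderFor(pageConfig, false)); // nothing sent on HTTP
console.log(preloadProblems(pageConfig));
```

With the defaults, the only thing keeping the site off a preload list is `preload: false`; flipping it should be a deliberate decision, because every subdomain must then stay reachable over HTTPS.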
Powered by Atyantik Technologies Private Limited