fix: Improve HSTS warning wording as suggested by reviewer

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
author: Côme Chilliet <come.chilliet@nextcloud.com> 2024-03-14 11:49:47 +0100
committer: Côme Chilliet <come.chilliet@nextcloud.com> 2024-03-14 11:49:47 +0100
commit: 6278cf181ea90f550ff712a9850495b794b0dcf4 (patch)
tree: f67aa4198dfa58c62f348a5e42ce84b7f103fe6b /apps/settings/tests
parent: 58ae7e4b28e8a5c34b817efec53a81f092903415 (diff)
download: nextcloud-server-6278cf181ea90f550ff712a9850495b794b0dcf4.tar.gz
nextcloud-server-6278cf181ea90f550ff712a9850495b794b0dcf4.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/settings/tests/SetupChecks/SecurityHeadersTest.php b/apps/settings/tests/SetupChecks/SecurityHeadersTest.php
index 0856cca38ca..fb8eb757460 100644
--- a/apps/settings/tests/SetupChecks/SecurityHeadersTest.php
+++ b/apps/settings/tests/SetupChecks/SecurityHeadersTest.php
@@ -165,7 +165,7 @@ class SecurityHeadersTest extends TestCase {
 			'referrer-origin-when-cross-origin' => [['Referrer-Policy' => 'origin-when-cross-origin'], "- The `Referrer-Policy` HTTP header is not set to `no-referrer`, `no-referrer-when-downgrade`, `strict-origin`, `strict-origin-when-cross-origin` or `same-origin`. This can leak referer information. See the {w3c-recommendation}.\n"],
 			'referrer-unsafe-url' => [['Referrer-Policy' => 'unsafe-url'], "- The `Referrer-Policy` HTTP header is not set to `no-referrer`, `no-referrer-when-downgrade`, `strict-origin`, `strict-origin-when-cross-origin` or `same-origin`. This can leak referer information. See the {w3c-recommendation}.\n"],
 			'hsts-missing' => [['Strict-Transport-Security' => ''], "- The `Strict-Transport-Security` HTTP header is not set (should be at least `15552000` seconds). For enhanced security, it is recommended to enable HSTS.\n"],
-			'hsts-too-low' => [['Strict-Transport-Security' => 'max-age=15551999'], "- The `Strict-Transport-Security` HTTP header is not set to at least `15552000` seconds (current value: `15551999`). For enhanced security, it is recommended to enable HSTS.\n"],
+			'hsts-too-low' => [['Strict-Transport-Security' => 'max-age=15551999'], "- The `Strict-Transport-Security` HTTP header is not set to at least `15552000` seconds (current value: `15551999`). For enhanced security, it is recommended to use a long HSTS policy.\n"],
 			'hsts-malformed' => [['Strict-Transport-Security' => 'iAmABogusHeader342'], "- The `Strict-Transport-Security` HTTP header is malformed: `iAmABogusHeader342`. For enhanced security, it is recommended to enable HSTS.\n"],
 		];
 	}
author	Côme Chilliet <come.chilliet@nextcloud.com>	2024-03-14 11:49:47 +0100
committer	Côme Chilliet <come.chilliet@nextcloud.com>	2024-03-14 11:49:47 +0100
commit	6278cf181ea90f550ff712a9850495b794b0dcf4 (patch)
tree	f67aa4198dfa58c62f348a5e42ce84b7f103fe6b /apps/settings/tests
parent	58ae7e4b28e8a5c34b817efec53a81f092903415 (diff)
download	nextcloud-server-6278cf181ea90f550ff712a9850495b794b0dcf4.tar.gz nextcloud-server-6278cf181ea90f550ff712a9850495b794b0dcf4.zip