diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2016-04-13 08:40:49 +0200 |
|---|---|---|
| committer | Morris Jobke <hey@morrisjobke.de> | 2016-04-13 08:47:34 +0200 |
| commit | e03d289b70030d8d016b927a9617827672cd6d0c (patch) | |
| tree | 058313d48d90bdc7fee4fc0669c3a5f4fcb15f70 /core/js | |
| parent | a2da7614a0516d1e1c07ef60b308645d7a8ad480 (diff) | |
| download | nextcloud-server-e03d289b70030d8d016b927a9617827672cd6d0c.tar.gz nextcloud-server-e03d289b70030d8d016b927a9617827672cd6d0c.zip | |
Use 6 months as SSL STS header threshold
* this uses 6 months (6 * 30 * 24 * 60 * 60 = 15552000)
* old value was half a year (365 / 2 * 24 * 60 * 60 = 15768000)
* fixes #23957
Diffstat (limited to 'core/js')
| -rw-r--r-- | core/js/setupchecks.js | 2 | ||||
| -rw-r--r-- | core/js/tests/specs/setupchecksSpec.js | 8 |
2 files changed, 5 insertions, 5 deletions
diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js index 025cdb0fcd6..4cc50e51ae6 100644 --- a/core/js/setupchecks.js +++ b/core/js/setupchecks.js @@ -273,7 +273,7 @@ } } - var minimumSeconds = 15768000; + var minimumSeconds = 15552000; if(isNaN(transportSecurityValidity) || transportSecurityValidity <= (minimumSeconds - 1)) { messages.push({ msg: t('core', 'The "Strict-Transport-Security" HTTP header is not configured to at least "{seconds}" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="{docUrl}" rel="noreferrer">security tips</a>.', {'seconds': minimumSeconds, docUrl: '#admin-tips'}), diff --git a/core/js/tests/specs/setupchecksSpec.js b/core/js/tests/specs/setupchecksSpec.js index 6dd8657a077..4931ca990da 100644 --- a/core/js/tests/specs/setupchecksSpec.js +++ b/core/js/tests/specs/setupchecksSpec.js @@ -542,7 +542,7 @@ describe('OC.SetupChecks tests', function() { async.done(function( data, s, x ){ expect(data).toEqual([{ - msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips" rel="noreferrer">security tips</a>.', + msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips" rel="noreferrer">security tips</a>.', type: OC.SetupChecks.MESSAGE_TYPE_WARNING }]); done(); @@ -555,7 +555,7 @@ describe('OC.SetupChecks tests', function() { suite.server.requests[0].respond(200, { - 'Strict-Transport-Security': 'max-age=15767999', + 'Strict-Transport-Security': 'max-age=15551999', 'X-XSS-Protection': '1; mode=block', 'X-Content-Type-Options': 'nosniff', 'X-Robots-Tag': 'none', @@ -567,7 +567,7 @@ describe('OC.SetupChecks tests', function() { async.done(function( data, s, x ){ expect(data).toEqual([{ - msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips" rel="noreferrer">security tips</a>.', + msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips" rel="noreferrer">security tips</a>.', type: OC.SetupChecks.MESSAGE_TYPE_WARNING }]); done(); @@ -592,7 +592,7 @@ describe('OC.SetupChecks tests', function() { async.done(function( data, s, x ){ expect(data).toEqual([{ - msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips" rel="noreferrer">security tips</a>.', + msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="#admin-tips" rel="noreferrer">security tips</a>.', type: OC.SetupChecks.MESSAGE_TYPE_WARNING }]); done(); |