From 3ad55935b63d8860467ec5c67328747166263fd5 Mon Sep 17 00:00:00 2001
From: fschildt <florian.schildt@protonmail.com>
Date: Sun, 19 Oct 2025 17:45:08 +0200
Subject: security: add hsts

---
 fsweb/settings.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fsweb/settings.py b/fsweb/settings.py
index e4359ea..c86db78 100644
--- a/fsweb/settings.py
+++ b/fsweb/settings.py
@@ -39,6 +39,9 @@ STATIC_ROOT = os.getenv('STATIC_ROOT')
 if is_env_production:
     CSRF_COOKIE_SECURE = True
     SESSION_COOKIE_SECURE = True
+    SECURE_SSL_REDIRECT = True
+    SECURE_HSTS_SECONDS = 31536000
+    SECURE_HSTS_INCLUDE_SUBDOMAINS = True
 
 
 
-- 
cgit v1.2.3