From bf6beb3e1846175a5baad4fd780d7df36385a909 Mon Sep 17 00:00:00 2001
From: Chunxi Luo
Date: Fri, 8 Jul 2022 12:55:43 -0400
Subject: [PATCH] update CSP setting (#901)

Signed-off-by: Chunxi Luo chuluo@redhat.com
---
 app.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/app.js b/app.js
index 8a8935d3a..d0aeeae86 100644
--- a/app.js
+++ b/app.js
@@ -49,7 +49,11 @@ const bodyParser = require('body-parser'),
 const app = express()
 app.use(helmet({ // in production these headers are set by management-ingress
- frameguard: false
+ frameguard: false,
+ hsts: {
+ maxAge: 63072000,
+ preload: true
+ }
 }))
 // Remove the X-Powered-By headers.
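Review bot: The new `hsts` block sets `preload: true` with a two-year `maxAge` but leaves `includeSubDomains` implicit, so the full scope of the policy is not visible in the code. helmet adds `includeSubDomains` by default, which means the header pins every subdomain of the serving host to HTTPS for two years and signals consent to browser preload lists. I would spell this out with `includeSubDomains: true,` plus a comment such as `// HSTS: 2 years, all subdomains, preload; every subdomain must stay HTTPS-only`. The existing comment on the `helmet({` line says production headers are set by management-ingress, so it is also worth confirming that the ingress does not emit its own Strict-Transport-Security with a different value. The commit subject says CSP, but the only header configured in this hunk is HSTS.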