From 2d00917ff2e4c9d4fbbb53f5f105299defbb5bc3 Mon Sep 17 00:00:00 2001
From: Tankred Hase
Date: Fri, 10 Jun 2016 17:58:19 +0200
Subject: [PATCH] Add missing max-age param to HPKP
---
 src/app.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/app.js b/src/app.js
index 55f3788..ea7b264 100644
--- a/src/app.js
+++ b/src/app.js
@@ -85,10 +85,10 @@ app.use(function *(next) {
 // Set HTTP response headers
 app.use(function *(next) {
 if (util.isTrue(config.server.upgradeHTTPS)) {
- this.set('Strict-Transport-Security', 'max-age=31536000');
+ this.set('Strict-Transport-Security', 'max-age=16070400');
 }
 if (config.server.publicKeyPin) {
- this.set('Public-Key-Pins', 'pin-sha256="' + config.server.publicKeyPin + '"');
+ this.set('Public-Key-Pins', 'pin-sha256="' + config.server.publicKeyPin + '"; max-age=16070400');
 }
 this.set('Access-Control-Allow-Origin', '*');
 this.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
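Review bot: The `Public-Key-Pins` value built in the `config.server.publicKeyPin` branch still carries only one `pin-sha256`. RFC 7469 has user agents note a pin set only when it also contains a backup pin matching nothing in the served chain, so conforming browsers will most likely keep ignoring the header even with `max-age` present. Read a second, offline-held backup pin from config and emit it as another directive, e.g. `'pin-sha256="' + config.server.publicKeyPin + '"; pin-sha256="' + backupPin + '"; max-age=16070400'`, where `backupPin` is a placeholder for whatever the new config key is called. The HSTS `max-age` also drops from 31536000 to 16070400 in the same hunk, which the subject line does not mention; a comment such as `// 186 days, kept equal to the HPKP max-age` would record the intent. The enclosing `app.use` callback continues past the end of the hunk.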