diff --git a/pontoon/settings/base.py b/pontoon/settings/base.py
index a1ddb4362a..b5e8f73898 100644
--- a/pontoon/settings/base.py
+++ b/pontoon/settings/base.py
@@ -873,9 +873,9 @@ def _default_from_email():
 # Use correct header for detecting HTTPS on Heroku.
 SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
-# Do not set SECURE_HSTS_SECONDS.
-# HSTS is being taken care of in pontoon/wsgi.py.
-# SECURE_HSTS_SECONDS = 63072000
+# If set to a non-zero integer value, the SecurityMiddleware sets the
+# HTTP Strict Transport Security header on all responses that do not already have it.
+SECURE_HSTS_SECONDS = 31536000 # 1 year
 # X-Content-Type-Options: nosniff
 # Disables browser MIME type sniffing
diff --git a/pontoon/wsgi.py b/pontoon/wsgi.py
index a82f473357..56cfde163e 100644
--- a/pontoon/wsgi.py
+++ b/pontoon/wsgi.py
@@ -9,8 +9,6 @@ import dotenv
-from wsgi_sslify import sslify
-
 from django.core.wsgi import get_wsgi_application
@@ -23,4 +21,4 @@
 # sslify sets a Strict-Transport-Security header,
 # which instructs browsers to always use HTTPS.
-application = sslify(get_wsgi_application())
+application = get_wsgi_application()
diff --git a/requirements/default.in b/requirements/default.in
index eb95400a06..d56391296d 100644
--- a/requirements/default.in
+++ b/requirements/default.in
@@ -51,7 +51,6 @@ sacrebleu==2.3.1
 sacremoses==0.1.1
 translate-toolkit==3.3.2
 whitenoise==5.2.0
-wsgi-sslify==1.0.1
 # Dependencies loaded from outside pypi.
 silme @ https://github.com/mozilla/silme/archive/v0.11.2.zip
diff --git a/requirements/default.txt b/requirements/default.txt
index d5dcd5c6df..9d8ad5a2cc 100644
--- a/requirements/default.txt
+++ b/requirements/default.txt
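Review bot: The added `SECURE_HSTS_SECONDS = 31536000` in pontoon/settings/base.py takes over only the header half of what the removed `sslify(...)` wrapper provided; nothing visible in this hunk takes over the HTTP-to-HTTPS redirect that wsgi-sslify, as far as I know, also performed. Django's SecurityMiddleware redirects only when `SECURE_SSL_REDIRECT` is true, and it adds Strict-Transport-Security only to requests it considers secure (here decided by the `SECURE_PROXY_SSL_HEADER` line above). If the redirect is not configured elsewhere (settings outside this hunk, or the platform edge), a plain-HTTP visitor is served over HTTP and never receives the HSTS policy. I would confirm that and record it beside the setting, for example `# HTTP->HTTPS redirect: see SECURE_SSL_REDIRECT / load balancer; HSTS is only sent on HTTPS responses.` The same comment could state that `SECURE_HSTS_INCLUDE_SUBDOMAINS` and `SECURE_HSTS_PRELOAD` are deliberately left at their defaults.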
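Review bot: The two comment lines kept as context above `application = get_wsgi_application()` in pontoon/wsgi.py still say that sslify sets the Strict-Transport-Security header, which stops being true once the wrapper is removed. A stale security comment like this points the next reader to the wrong place when they audit where HSTS is enforced. I would drop it or replace it with `# HSTS is configured via SECURE_HSTS_SECONDS in pontoon/settings/base.py.`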
@@ -1411,14 +1411,7 @@ webencodings==0.5.1 \ --hash=sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 \ --hash=sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923 # via bleach -werkzeug==2.1.2 \ - --hash=sha256:1ce08e8093ed67d638d63879fd1ba3735817f7a80de3674d293f5984f25fb6e6 \ - --hash=sha256:72a4b735692dd3135217911cbeaa1be5fa3f62bffb8745c5215420a03dc55255 - # via wsgi-sslify whitenoise==5.2.0 \ --hash=sha256:05ce0be39ad85740a78750c86a93485c40f08ad8c62a6006de0233765996e5c7 \ --hash=sha256:05d00198c777028d72d8b0bbd234db605ef6d60e9410125124002518a48e515d # via -r requirements/default.in -wsgi-sslify==1.0.1 \ - --hash=sha256:cde368fda0fb9958dd58bc2cb955d0bf3df1b79c132d97cee90be5fda34a5089 - # via -r requirements/default.in