diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
index 025cdb0fcd..4cc50e51ae 100644
--- a/core/js/setupchecks.js
+++ b/core/js/setupchecks.js
@@ -273,7 +273,7 @@
}
}
- var minimumSeconds = 15768000;
+ var minimumSeconds = 15552000;
if(isNaN(transportSecurityValidity) || transportSecurityValidity <= (minimumSeconds - 1)) {
messages.push({
msg: t('core', 'The "Strict-Transport-Security" HTTP header is not configured to at least "{seconds}" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.', {'seconds': minimumSeconds, docUrl: '#admin-tips'}),
diff --git a/core/js/tests/specs/setupchecksSpec.js b/core/js/tests/specs/setupchecksSpec.js
index 6dd8657a07..4931ca990d 100644
--- a/core/js/tests/specs/setupchecksSpec.js
+++ b/core/js/tests/specs/setupchecksSpec.js
@@ -542,7 +542,7 @@ describe('OC.SetupChecks tests', function() {
async.done(function( data, s, x ){
expect(data).toEqual([{
- msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.',
+ msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
@@ -555,7 +555,7 @@ describe('OC.SetupChecks tests', function() {
suite.server.requests[0].respond(200,
{
- 'Strict-Transport-Security': 'max-age=15767999',
+ 'Strict-Transport-Security': 'max-age=15551999',
'X-XSS-Protection': '1; mode=block',
'X-Content-Type-Options': 'nosniff',
'X-Robots-Tag': 'none',
@@ -567,7 +567,7 @@ describe('OC.SetupChecks tests', function() {
async.done(function( data, s, x ){
expect(data).toEqual([{
- msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.',
+ msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();
@@ -592,7 +592,7 @@ describe('OC.SetupChecks tests', function() {
async.done(function( data, s, x ){
expect(data).toEqual([{
- msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15768000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.',
+ msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our security tips.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]);
done();