_secure_headers.rb in pah-0.0.5

- old
+ new

@@ -4,9 +4,20 @@
   ensure_security_headers # See more: https://github.com/twitter/secureheaders
 EOF
 in_root do
   inject_into_file 'app/controllers/application_controller.rb', content, {after: "with: :exception", verbose: false}
 end
+create_file "config/initializers/secure_headers.rb" do
+<<-EOF
+::SecureHeaders::Configuration.configure do |config|
+  config.hsts = {:max_age => 20.years.to_i, :include_subdomains => true}
+  config.x_frame_options = 'DENY'
+  config.x_content_type_options = "nosniff"
+  config.x_xss_protection = {:value => 1, :mode => 'block'}
+  config.csp = false
+end
+EOF
+end
 git :add => 'app/controllers/application_controller.rb'
 git :commit => "-qm 'Adding secure headers.'"
 
 puts "\n"