From cf2b8a5e713781c66ca83ac4a4aa96325481bd9b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9Cjeramysoucy=E2=80=9D?= <jeramy.soucy@elastic.co>
Date: Wed, 17 May 2023 12:18:46 -0400
Subject: [PATCH] Adds comment in serverless.yml for dev override

---
 config/serverless.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/serverless.yml b/config/serverless.yml
index 58ce06014534c..b9cf2a384873d 100644
--- a/config/serverless.yml
+++ b/config/serverless.yml
@@ -26,6 +26,7 @@ telemetry.allowChangingOptInStatus: false
 
 # Harden security response headers, see https://github.com/elastic/kibana/issues/150884
 # The browser should remember that a site, including subdomains, is only to be accessed using HTTPS for 1 year
+# Can override this setting in kibana.dev.yml, e.g. server.securityResponseHeaders.strictTransportSecurity: null
 server.securityResponseHeaders.strictTransportSecurity: max-age=31536000; includeSubDomains
 # Disable embedding for serverless MVP
 server.securityResponseHeaders.disableEmbedding: true