Added Strict-Transport-Security header

Absurdon 2017-04-18 14:17:01 +02:00
parent dc485dc9b6
commit f50cf282ab


@ -17,6 +17,13 @@ module.exports = app => {
res.setHeader('X-GNU', 'Michael J Blanchard'); res.setHeader('X-GNU', 'Michael J Blanchard');
next(); next();
}); });
// Enforce HTTPS in production
if (env === 'production') {
app.use((req,res,next) => {
res.setHeader('Strict-Transport-Security', 'max-age=2592000; includeSubdomains'); // Enforce usage of HTTPS; max-age = 30 days
next();
});
}
app.use(express.static(path.join(__dirname, '../public'))); app.use(express.static(path.join(__dirname, '../public')));
app.use(cookieParser()); app.use(cookieParser());
app.use(favicon(path.join(__dirname, '../public/favicon.ico'))); app.use(favicon(path.join(__dirname, '../public/favicon.ico')));
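Review bot: The comment `// Enforce HTTPS in production` overstates what the added middleware does. Browsers honour `Strict-Transport-Security` only when it arrives over a valid HTTPS connection, so a first request over plain HTTP is not upgraded, and no HTTP-to-HTTPS redirect is visible in this hunk (one may exist elsewhere). I would reword the comment to `// Send HSTS in production; only honoured over HTTPS, so an HTTP->HTTPS redirect is still required`. The `includeSubdomains` directive also commits every subdomain of the serving host to HTTPS for the 30-day `max-age`, so confirm all of them serve valid TLS before this ships. `env` and the enclosing `module.exports` function are defined outside the hunk, so the production check itself cannot be verified from here.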