From d69d65ea7434eee85db4b905f0852f4d8fa7ecce Mon Sep 17 00:00:00 2001
From: "Cheng-Han, Wu"
Date: Tue, 15 Mar 2016 10:41:49 +0800
Subject: [PATCH] Updated to send hsts in https header

---
 app.js | 8 ++++++++
 package.json | 1 +
 2 files changed, 9 insertions(+)

diff --git a/app.js b/app.js
index 9ab1e82a..e1330790 100644
--- a/app.js
+++ b/app.js
@@ -17,6 +17,7 @@ var imgur = require('imgur');
 var formidable = require('formidable');
 var morgan = require('morgan');
 var passportSocketIo = require("passport.socketio");
+var helmet = require('helmet');
 
 //core
 var config = require("./config.js");
@@ -92,6 +93,13 @@ var sessionStore = new MongoStore({
 //compression
 app.use(compression());
 
+// use hsts to tell https users stick to this
+app.use(helmet.hsts({
+maxAge: 31536000 * 1000, // 365 days
+includeSubdomains: true,
+preload: true
+}));
+
 //session
 app.use(session({
 name: config.sessionname,
diff --git a/package.json b/package.json
index 4d701966..9f9535ac 100644
--- a/package.json
+++ b/package.json
@@ -22,6 +22,7 @@
 "express-session": "^1.13.0",
 "formidable": "^1.0.17",
 "highlight.js": "^9.1.0",
+"helmet": "^1.3.0",
 "imgur": "^0.1.7",
 "jsdom-nogyp": "^0.8.3",
 "kerberos": "0.0.17",
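Review bot: `preload: true` and `includeSubdomains: true` are hard-coded into the `helmet.hsts` call for every deployment, yet `preload` signals eligibility for the browser HSTS preload list, which is effectively irreversible once a domain is submitted, and `includeSubdomains` will break any HTTP-only subdomain an operator runs beside this app. Since deployment settings already come from `config.js` (`config.sessionname` is read a few lines below in the same hunk), both flags should be read from there with preload defaulting to off, so an operator opts in knowingly rather than inheriting an irreversible policy from the code. The `maxAge` unit also deserves an explicit comment: helmet `^1.3.0` appears to take milliseconds (hence the `* 1000`), while later helmet majors take seconds, so `// 365 days in ms (helmet 1.x); helmet >=3 expects seconds` would prevent a silent 1000x error on upgrade. Finally, if TLS is terminated by a reverse proxy, helmet's HTTPS detection may rely on `req.secure`, which stays false unless `app.set('trust proxy', ...)` is configured, so it is worth verifying the header actually reaches clients in that topology.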