mirror of https://github.com/status-im/codimd.git
Updated to send hsts in https header
This commit is contained in:
parent
f889ffaa9f
commit
d69d65ea74
8
app.js
8
app.js
|
@ -17,6 +17,7 @@ var imgur = require('imgur');
|
||||||
var formidable = require('formidable');
|
var formidable = require('formidable');
|
||||||
var morgan = require('morgan');
|
var morgan = require('morgan');
|
||||||
var passportSocketIo = require("passport.socketio");
|
var passportSocketIo = require("passport.socketio");
|
||||||
|
var helmet = require('helmet');
|
||||||
|
|
||||||
//core
|
//core
|
||||||
var config = require("./config.js");
|
var config = require("./config.js");
|
||||||
|
@ -92,6 +93,13 @@ var sessionStore = new MongoStore({
|
||||||
//compression
|
//compression
|
||||||
app.use(compression());
|
app.use(compression());
|
||||||
|
|
||||||
|
// use hsts to tell https users stick to this
|
||||||
|
app.use(helmet.hsts({
|
||||||
|
maxAge: 31536000 * 1000, // 365 days
|
||||||
|
includeSubdomains: true,
|
||||||
|
preload: true
|
||||||
|
}));
|
||||||
|
|
||||||
//session
|
//session
|
||||||
app.use(session({
|
app.use(session({
|
||||||
name: config.sessionname,
|
name: config.sessionname,
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
"express-session": "^1.13.0",
|
"express-session": "^1.13.0",
|
||||||
"formidable": "^1.0.17",
|
"formidable": "^1.0.17",
|
||||||
"highlight.js": "^9.1.0",
|
"highlight.js": "^9.1.0",
|
||||||
|
"helmet": "^1.3.0",
|
||||||
"imgur": "^0.1.7",
|
"imgur": "^0.1.7",
|
||||||
"jsdom-nogyp": "^0.8.3",
|
"jsdom-nogyp": "^0.8.3",
|
||||||
"kerberos": "0.0.17",
|
"kerberos": "0.0.17",
|
||||||
|
|
Loading…
Reference in New Issue