Make HSTS behaviour configurable; Fixes #584

Literallie 2017-10-13 01:09:04 +02:00
parent 53c2d0b5ca
commit 56411ca0e1
No known key found for this signature in database
GPG key ID: 7BE463C902ED152C
4 changed files with 26 additions and 5 deletions

15
app.js

@ -97,11 +97,16 @@ var sessionStore = new SequelizeStore({
app.use(compression())
// use hsts to tell https users stick to this
app.use(helmet.hsts({
maxAge: 31536000 * 1000, // 365 days
includeSubdomains: true,
preload: true
}))
if (config.hsts.enable) {
app.use(helmet.hsts({
maxAge: config.hsts.maxAgeSeconds * 1000,
includeSubdomains: config.hsts.includeSubdomains,
preload: config.hsts.preload
}))
} else if (config.usessl) {
logger.info('Consider enabling HSTS for extra security:')
logger.info('https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security')
}
i18n.configure({
locales: ['en', 'zh', 'fr', 'de', 'ja', 'es', 'ca', 'el', 'pt', 'it', 'tr', 'ru', 'nl', 'hr', 'pl', 'uk', 'hi', 'sv', 'eo', 'da'],