mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2025-05-13 22:54:42 -04:00
Updated to send hsts in https header
This commit is contained in:
Cheng-Han, Wu
parent
f889ffaa9f
commit
d69d65ea74
2 changed files with 9 additions and 0 deletions
8
app.js
8
app.js
|
|
@ -17,6 +17,7 @@ var imgur = require('imgur');
|
|||
var formidable = require('formidable');
|
||||
var morgan = require('morgan');
|
||||
var passportSocketIo = require("passport.socketio");
|
||||
var helmet = require('helmet');
|
||||
|
||||
//core
|
||||
var config = require("./config.js");
|
||||
|
|
@ -92,6 +93,13 @@ var sessionStore = new MongoStore({
|
|||
//compression
|
||||
app.use(compression());
|
||||
|
||||
// use hsts to tell https users stick to this
|
||||
app.use(helmet.hsts({
|
||||
maxAge: 31536000 * 1000, // 365 days
|
||||
includeSubdomains: true,
|
||||
preload: true
|
||||
}));
|
||||
|
||||
//session
|
||||
app.use(session({
|
||||
name: config.sessionname,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue