From 1634d5c567180b072ed4e345b841642f4ea70924 Mon Sep 17 00:00:00 2001
From: Literallie <git@l1t.li>
Date: Fri, 13 Oct 2017 01:14:50 +0200
Subject: [PATCH] Add on/off env var for HSTS

---
 README.md                 | 1 +
 app.json                  | 5 ++++-
 lib/config/environment.js | 3 +++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 0fecc43..dd418d6 100644
--- a/README.md
+++ b/README.md
@@ -154,6 +154,7 @@ Environment variables (will overwrite other server configs)
 | HMD_S3_SECRET_ACCESS_KEY | no example | AWS secret key |
 | HMD_S3_REGION | `ap-northeast-1` | AWS S3 region |
 | HMD_S3_BUCKET | no example | AWS S3 bucket name |
+| HMD_HSTS_ENABLE | ` true`  | set to enable [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) if HTTPS is also enabled (default is ` true`) |
 
 Application settings `config.json`
 ---
diff --git a/app.json b/app.json
index e06720f..07678ce 100644
--- a/app.json
+++ b/app.json
@@ -23,7 +23,10 @@
             "description": "Specify database type. See sequelize available databases. Default using postgres",
             "value": "postgres"
         },
-
+        "HMD_HSTS_ENABLE": {
+            "description": "whether to also use HSTS if HTTPS is enabled",
+            "required": false
+        },
         "HMD_DOMAIN": {
             "description": "domain name",
             "required": false
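Review bot: The new HMD_HSTS_ENABLE entry carries no `"value"`, so the default that the README hunk documents (`true`) is not surfaced in this manifest, while the sibling HMD_DB_TYPE entry a few lines above does ship its default. A deployer reading only this file cannot tell whether leaving the variable unset keeps HSTS on or off. I would add `"value": "true"` and reword the description to `"description": "set to false to disable HSTS when HTTPS is enabled (default true)"` so the manifest and the README agree.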
diff --git a/lib/config/environment.js b/lib/config/environment.js
index c108a6f..27b697a 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -8,6 +8,9 @@ module.exports = {
   port: process.env.HMD_PORT,
   urladdport: toBooleanConfig(process.env.HMD_URL_ADDPORT),
   usessl: toBooleanConfig(process.env.HMD_USESSL),
+  hsts: {
+    enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE),
+  },
   protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
   alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined,
   usecdn: toBooleanConfig(process.env.HMD_USECDN),
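Review bot: The new `hsts` key is the only nested object in this block, and its value is `{ enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE) }` even when the variable is unset; if the layer that applies this file over the defaults is a shallow merge, that object replaces the whole default `hsts` block (any sibling settings such as max-age or subdomain options, which are not visible here) and an `undefined` enable would silently turn HSTS off rather than keep the documented default of enabled. Whether the merge is deep cannot be seen from this hunk, so please confirm it, and if it is shallow either follow the file's flat-key pattern or only emit the `hsts` object when `process.env.HMD_HSTS_ENABLE` is set. Either way a comment on the `hsts:` line such as `// unset must leave the default (HSTS enabled) untouched; see README` would record the intended behaviour for the next reader. The enclosing `module.exports` object starts and ends outside the hunk.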