From 1634d5c567180b072ed4e345b841642f4ea70924 Mon Sep 17 00:00:00 2001 From: Literallie Date: Fri, 13 Oct 2017 01:14:50 +0200 Subject: [PATCH] Add on/off env var for HSTS --- README.md | 1 + app.json | 5 ++++- lib/config/environment.js | 3 +++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0fecc43..dd418d6 100644 --- a/README.md +++ b/README.md @@ -154,6 +154,7 @@ Environment variables (will overwrite other server configs) | HMD_S3_SECRET_ACCESS_KEY | no example | AWS secret key | | HMD_S3_REGION | `ap-northeast-1` | AWS S3 region | | HMD_S3_BUCKET | no example | AWS S3 bucket name | +| HMD_HSTS_ENABLE | ` true` | set to enable [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) if HTTPS is also enabled (default is ` true`) | Application settings `config.json` --- diff --git a/app.json b/app.json index e06720f..07678ce 100644 --- a/app.json +++ b/app.json @@ -23,7 +23,10 @@ "description": "Specify database type. See sequelize available databases. Default using postgres", "value": "postgres" }, - + "HMD_HSTS_ENABLE": { + "description": "whether to also use HSTS if HTTPS is enabled", + "required": false + }, "HMD_DOMAIN": { "description": "domain name", "required": false diff --git a/lib/config/environment.js b/lib/config/environment.js index c108a6f..27b697a 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -8,6 +8,9 @@ module.exports = { port: process.env.HMD_PORT, urladdport: toBooleanConfig(process.env.HMD_URL_ADDPORT), usessl: toBooleanConfig(process.env.HMD_USESSL), + hsts: { + enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE), + }, protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL), alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined, usecdn: toBooleanConfig(process.env.HMD_USECDN),