Add on/off env var for HSTS

2017-10-13 01:14:50 +02:00 · 2017-10-13 01:14:50 +02:00 · 1634d5c567
commit 1634d5c567
parent 56411ca0e1
3 changed files with 8 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -154,6 +154,7 @@ Environment variables (will overwrite other server configs)
 | HMD_S3_SECRET_ACCESS_KEY | no example | AWS secret key |
 | HMD_S3_REGION | `ap-northeast-1` | AWS S3 region |
 | HMD_S3_BUCKET | no example | AWS S3 bucket name |
 | HMD_HSTS_ENABLE | ` true`  | set to enable [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) if HTTPS is also enabled (default is ` true`) |
 Application settings `config.json`
 ---
--- a/app.json
+++ b/app.json
@ -23,7 +23,10 @@
            "description": "Specify database type. See sequelize available databases. Default using postgres",
            "value": "postgres"
        },
-
+        "HMD_HSTS_ENABLE": {
            "description": "whether to also use HSTS if HTTPS is enabled",
            "required": false
        },
        "HMD_DOMAIN": {
            "description": "domain name",
            "required": false
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@ -8,6 +8,9 @@ module.exports = {
  port: process.env.HMD_PORT,
  urladdport: toBooleanConfig(process.env.HMD_URL_ADDPORT),
  usessl: toBooleanConfig(process.env.HMD_USESSL),
  hsts: {
    enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE),
  },
  protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
  alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined,
  usecdn: toBooleanConfig(process.env.HMD_USECDN),