depau/HackMD
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #1064 from SISheogorath/fix/hstsSeconds

Browse source 
Fix wrong maxAgeSeconds multiplication
This commit is contained in:
Christoph (Sheogorath) Kern 2018-11-21 01:29:04 +01:00 committed by GitHub
commit 2244b11730
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app.js
View file

@ -83,7 +83,7 @@ app.use(compression())
// use hsts to tell https users stick to this
if (config.hsts.enable) {
app.use(helmet.hsts({
maxAge: config.hsts.maxAgeSeconds * 1000,
maxAge: config.hsts.maxAgeSeconds,
includeSubdomains: config.hsts.includeSubdomains,
preload: config.hsts.preload
}))

2
lib/config/default.js
View file

@ -13,7 +13,7 @@ module.exports = {
useSSL: false,
hsts: {
enable: true,
maxAgeSeconds: 31536000,
maxAgeSeconds: 60 * 60 * 24 * 365,
includeSubdomains: true,
preload: true
},