Add env vars for extra HSTS options
This commit is contained in:
parent
1634d5c567
commit
6bdc90d6ff
3 changed files with 18 additions and 0 deletions
|
@ -155,6 +155,9 @@ Environment variables (will overwrite other server configs)
|
||||||
| HMD_S3_REGION | `ap-northeast-1` | AWS S3 region |
|
| HMD_S3_REGION | `ap-northeast-1` | AWS S3 region |
|
||||||
| HMD_S3_BUCKET | no example | AWS S3 bucket name |
|
| HMD_S3_BUCKET | no example | AWS S3 bucket name |
|
||||||
| HMD_HSTS_ENABLE | ` true` | set to enable [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) if HTTPS is also enabled (default is ` true`) |
|
| HMD_HSTS_ENABLE | ` true` | set to enable [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) if HTTPS is also enabled (default is ` true`) |
|
||||||
|
| HMD_HSTS_INCLUDE_SUBDOMAINS | `true` | set to include subdomains in HSTS (default is `true`) |
|
||||||
|
| HMD_HSTS_MAX_AGE | `31536000` | max duration in seconds to tell clients to keep HSTS status (default is a year) |
|
||||||
|
| HMD_HSTS_PRELOAD | `true` | whether to allow preloading of the site's HSTS status (e.g. into browsers) |
|
||||||
|
|
||||||
Application settings `config.json`
|
Application settings `config.json`
|
||||||
---
|
---
|
||||||
|
|
12
app.json
12
app.json
|
@ -27,6 +27,18 @@
|
||||||
"description": "whether to also use HSTS if HTTPS is enabled",
|
"description": "whether to also use HSTS if HTTPS is enabled",
|
||||||
"required": false
|
"required": false
|
||||||
},
|
},
|
||||||
|
"HMD_HSTS_MAX_AGE": {
|
||||||
|
"description": "max duration, in seconds, to tell clients to keep HSTS status",
|
||||||
|
"required": false
|
||||||
|
},
|
||||||
|
"HMD_HSTS_INCLUDE_SUBDOMAINS": {
|
||||||
|
"description": "whether to tell clients to also regard subdomains as HSTS hosts",
|
||||||
|
"required": false
|
||||||
|
},
|
||||||
|
"HMD_HSTS_PRELOAD": {
|
||||||
|
"description": "whether to allow at all adding of the site to HSTS preloads (e.g. in browsers)",
|
||||||
|
"required": false
|
||||||
|
},
|
||||||
"HMD_DOMAIN": {
|
"HMD_DOMAIN": {
|
||||||
"description": "domain name",
|
"description": "domain name",
|
||||||
"required": false
|
"required": false
|
||||||
|
|
|
@ -10,6 +10,9 @@ module.exports = {
|
||||||
usessl: toBooleanConfig(process.env.HMD_USESSL),
|
usessl: toBooleanConfig(process.env.HMD_USESSL),
|
||||||
hsts: {
|
hsts: {
|
||||||
enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE),
|
enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE),
|
||||||
|
maxAgeSeconds: process.env.HMD_HSTS_MAX_AGE,
|
||||||
|
includeSubdomains: toBooleanConfig(process.env.HMD_HSTS_INCLUDE_SUBDOMAINS),
|
||||||
|
preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD)
|
||||||
},
|
},
|
||||||
protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
|
protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
|
||||||
alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined,
|
alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined,
|
||||||
|
|
Loading…
Reference in a new issue