Add env vars for extra HSTS options

This commit is contained in:
Literallie 2017-10-13 01:15:35 +02:00
parent 1634d5c567
commit 6bdc90d6ff
No known key found for this signature in database
GPG key ID: 7BE463C902ED152C
3 changed files with 18 additions and 0 deletions

View file

@ -155,6 +155,9 @@ Environment variables (will overwrite other server configs)
| HMD_S3_REGION | `ap-northeast-1` | AWS S3 region | | HMD_S3_REGION | `ap-northeast-1` | AWS S3 region |
| HMD_S3_BUCKET | no example | AWS S3 bucket name | | HMD_S3_BUCKET | no example | AWS S3 bucket name |
| HMD_HSTS_ENABLE | ` true` | set to enable [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) if HTTPS is also enabled (default is ` true`) | | HMD_HSTS_ENABLE | ` true` | set to enable [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) if HTTPS is also enabled (default is ` true`) |
| HMD_HSTS_INCLUDE_SUBDOMAINS | `true` | set to include subdomains in HSTS (default is `true`) |
| HMD_HSTS_MAX_AGE | `31536000` | max duration in seconds to tell clients to keep HSTS status (default is a year) |
| HMD_HSTS_PRELOAD | `true` | whether to allow preloading of the site's HSTS status (e.g. into browsers) |
Application settings `config.json` Application settings `config.json`
--- ---

View file

@ -27,6 +27,18 @@
"description": "whether to also use HSTS if HTTPS is enabled", "description": "whether to also use HSTS if HTTPS is enabled",
"required": false "required": false
}, },
"HMD_HSTS_MAX_AGE": {
"description": "max duration, in seconds, to tell clients to keep HSTS status",
"required": false
},
"HMD_HSTS_INCLUDE_SUBDOMAINS": {
"description": "whether to tell clients to also regard subdomains as HSTS hosts",
"required": false
},
"HMD_HSTS_PRELOAD": {
"description": "whether to allow at all adding of the site to HSTS preloads (e.g. in browsers)",
"required": false
},
"HMD_DOMAIN": { "HMD_DOMAIN": {
"description": "domain name", "description": "domain name",
"required": false "required": false

View file

@ -10,6 +10,9 @@ module.exports = {
usessl: toBooleanConfig(process.env.HMD_USESSL), usessl: toBooleanConfig(process.env.HMD_USESSL),
hsts: { hsts: {
enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE), enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE),
maxAgeSeconds: process.env.HMD_HSTS_MAX_AGE,
includeSubdomains: toBooleanConfig(process.env.HMD_HSTS_INCLUDE_SUBDOMAINS),
preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD)
}, },
protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL), protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined, alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined,