From d69d65ea7434eee85db4b905f0852f4d8fa7ecce Mon Sep 17 00:00:00 2001
From: "Cheng-Han, Wu" <jackymaxj@gmail.com>
Date: Tue, 15 Mar 2016 10:41:49 +0800
Subject: [PATCH] Updated to send hsts in https header

---
 app.js       | 8 ++++++++
 package.json | 1 +
 2 files changed, 9 insertions(+)

diff --git a/app.js b/app.js
index 9ab1e82..e133079 100644
--- a/app.js
+++ b/app.js
@@ -17,6 +17,7 @@ var imgur = require('imgur');
 var formidable = require('formidable');
 var morgan = require('morgan');
 var passportSocketIo = require("passport.socketio");
+var helmet = require('helmet');
 
 //core
 var config = require("./config.js");
@@ -92,6 +93,13 @@ var sessionStore = new MongoStore({
 //compression
 app.use(compression());
 
+// use hsts to tell https users stick to this
+app.use(helmet.hsts({
+    maxAge: 31536000 * 1000, // 365 days
+    includeSubdomains: true,
+    preload: true
+}));
+
 //session
 app.use(session({
     name: config.sessionname,
diff --git a/package.json b/package.json
index 4d70196..9f9535a 100644
--- a/package.json
+++ b/package.json
@@ -22,6 +22,7 @@
     "express-session": "^1.13.0",
     "formidable": "^1.0.17",
     "highlight.js": "^9.1.0",
+    "helmet": "^1.3.0",
     "imgur": "^0.1.7",
     "jsdom-nogyp": "^0.8.3",
     "kerberos": "0.0.17",