Updated to send hsts in https header

Cheng-Han, Wu 2016-03-15 10:41:49 +08:00
parent f889ffaa9f
commit d69d65ea74
2 changed files with 9 additions and 0 deletions

8
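--- a/app.js
+++ b/app.js
@@ -17,6 +17,7 @@ var imgur = require('imgur');
 var formidable = require('formidable');
 var morgan = require('morgan');
 var passportSocketIo = require("passport.socketio");
+var helmet = require('helmet');
 //core
 var config = require("./config.js");
@@ -92,6 +93,13 @@ var sessionStore = new MongoStore({
 //compression
 app.use(compression());
+// use hsts to tell https users stick to this
+app.use(helmet.hsts({
+maxAge: 31536000 * 1000, // 365 days
+includeSubdomains: true,
+preload: true
+}));
 //session
 app.use(session({
 name: config.sessionname,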
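Review bot: The `helmet.hsts` call added after `app.use(compression())` hard-codes a one-year `maxAge` together with `includeSubdomains: true` and `preload: true`, so every deployment of this app commits its host and all subdomains to HTTPS for a year, with no switch in `config.js`. A browser that has cached the header will refuse plain-HTTP connections to those names until it expires, and `preload` signals consent to browser preload lists, which is slow to reverse; both should be an operator decision rather than a default. I would read the values from the config object and leave the two flags off unless set, for example `app.use(helmet.hsts({ maxAge: config.hsts.maxAge, includeSubdomains: config.hsts.includeSubdomains, preload: config.hsts.preload }));`, where `config.hsts` is a placeholder name for settings this commit does not define. A comment should also say that `maxAge` appears to be in milliseconds here (the `* 1000` and the `365 days` comment imply it) while the header itself carries seconds, so a later helmet upgrade is checked against that unit.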


@ -22,6 +22,7 @@
"express-session": "^1.13.0", "express-session": "^1.13.0",
"formidable": "^1.0.17", "formidable": "^1.0.17",
"highlight.js": "^9.1.0", "highlight.js": "^9.1.0",
"helmet": "^1.3.0",
"imgur": "^0.1.7", "imgur": "^0.1.7",
"jsdom-nogyp": "^0.8.3", "jsdom-nogyp": "^0.8.3",
"kerberos": "0.0.17", "kerberos": "0.0.17",