authorSheogorath2018-11-19 22:01:43 +0100
committerSheogorath2018-11-19 22:01:54 +0100
commit0aa3116805f899fb3a97e4c7b22c05e91ac1016f (patch)
treed57c5f998ca4d93915483ffbc3089c74bc54bf5f
parent271dff3808618d0422a52ff5da8cf187bf350b3d (diff)
Fix wrong maxAgeSeconds multiplication
It seems like the initial work on the hsts module expected milliseconds. This has either changed or was never true. Either way, it meant that the current defaults in theory resulted in a 1000-year HSTS policy. Luckily helmet was smart enough to not go higher than 1 year. Anyway, this patch fixes the multiplication of the configured size by 1000 by removing this multiplication. Also, to simplify reading the defaults, we split them into their components: 60 times 60 seconds so we get one hour, 24 of those hours so we get a day, and finally 365 days to get our originally wanted default of one year. Reference: https://github.com/hackmdio/CodiMD/commit/d69d65ea7434eee85db4b905f0852f4d8fa7ecce Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to '')
-rw-r--r--app.js2
-rw-r--r--lib/config/default.js2
2 files changed, 2 insertions, 2 deletions
diff --git a/app.js b/app.js
index 618fba15..db930141 100644
--- a/app.js
+++ b/app.js
@@ -83,7 +83,7 @@ app.use(compression())
// use hsts to tell https users stick to this
if (config.hsts.enable) {
app.use(helmet.hsts({
- maxAge: config.hsts.maxAgeSeconds * 1000,
+ maxAge: config.hsts.maxAgeSeconds,
includeSubdomains: config.hsts.includeSubdomains,
preload: config.hsts.preload
}))
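Review bot: The corrected `maxAge` line now passes the configured value straight through, but nothing on the line records the unit, which is exactly the confusion this commit fixes; a short comment would keep it from being reintroduced, e.g. `maxAge: config.hsts.maxAgeSeconds, // helmet's hsts takes seconds, not milliseconds`. The same applies to the new default in lib/config/default.js, where `maxAgeSeconds: 60 * 60 * 24 * 365, // one year, in seconds` would make the intent explicit. One side effect worth checking: the removed `* 1000` also coerced a string value to a number, so if maxAgeSeconds can arrive as a string from an environment override (the config loader is not in view), the value now reaches helmet unconverted and should be coerced or validated at config load rather than here. The enclosing `if (config.hsts.enable)` block lies entirely within the hunk.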
diff --git a/lib/config/default.js b/lib/config/default.js
index d7a8f471..5a7ae0a0 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -13,7 +13,7 @@ module.exports = {
useSSL: false,
hsts: {
enable: true,
- maxAgeSeconds: 31536000,
+ maxAgeSeconds: 60 * 60 * 24 * 365,
includeSubdomains: true,
preload: true
},