authorCheng-Han, Wu2016-03-15 10:41:49 +0800
committerCheng-Han, Wu2016-03-15 10:41:49 +0800
commitd69d65ea7434eee85db4b905f0852f4d8fa7ecce (patch)
tree81e649dce85d6459a821a0fac0dff5aab3457e25 /app.js
parentf889ffaa9f2f1263e4bd539934efe97e27ea10c8 (diff)
Updated to send hsts in https header
Diffstat (limited to 'app.js')
-rw-r--r--app.js8
1 files changed, 8 insertions, 0 deletions
diff --git a/app.js b/app.js
index 9ab1e82a..e1330790 100644
--- a/app.js
+++ b/app.js
@@ -17,6 +17,7 @@ var imgur = require('imgur');
var formidable = require('formidable');
var morgan = require('morgan');
var passportSocketIo = require("passport.socketio");
+var helmet = require('helmet');
//core
var config = require("./config.js");
@@ -92,6 +93,13 @@ var sessionStore = new MongoStore({
//compression
app.use(compression());
+// use hsts to tell https users stick to this
+app.use(helmet.hsts({
+ maxAge: 31536000 * 1000, // 365 days
+ includeSubdomains: true,
+ preload: true
+}));
+
//session
app.use(session({
name: config.sessionname,
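Review bot: The `includeSubdomains: true` and `preload: true` options in the new `helmet.hsts` call are hard-coded, so every deployment of this app pins its whole parent domain to HTTPS for a year, including sibling subdomains the app does not serve, and a preload-list entry is slow to withdraw. Since app.js already loads `./config.js`, these would be safer as opt-in settings that default to off, for example `includeSubdomains: config.hsts.includeSubdomains, preload: config.hsts.preload` (`config.hsts` is a placeholder name, not an existing key). The `maxAge` line also deserves a unit comment such as `// milliseconds for this helmet release; the header value itself is in seconds`, because the expected unit presumably depends on the helmet version, so confirm it against the version pinned in the dependency manifest, which is not part of this diff. If the app can also be served over plain HTTP or behind a TLS-terminating proxy, it is worth checking on a test host that the header appears only on HTTPS responses.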