Merge pull request #585 from xxyy/feature/hsts-cfg

Make HSTS Behaviour Configurable (Fixes #584)
author: Sheogorath 2017-10-14 18:02:41 +0200
committer: GitHub 2017-10-14 18:02:41 +0200
commit: 5ce8f40eac7fccfcfca175cf79ccfa86a84bc113 (patch)
tree: 8cb0f7934d918528baf6e0c138bffe54d8f8cad0 /app.json
parent: ec8936a9f17ac90edfffa190ec7c91a99871ce27 (diff)
parent: 6bdc90d6ffd60cf8fe0509eb9fb3b2d47f185c31 (diff)
1 files changed, 16 insertions, 1 deletions
diff --git a/app.json b/app.json
index e06720f4..1de6b7db 100644
--- a/app.json
+++ b/app.json
@@ -23,7 +23,22 @@
             "description": "Specify database type. See sequelize available databases. Default using postgres",
             "value": "postgres"
         },
-
+        "HMD_HSTS_ENABLE": {
+            "description": "whether to also use HSTS if HTTPS is enabled",
+            "required": false
+        },
+        "HMD_HSTS_MAX_AGE": {
+            "description": "max duration, in seconds, to tell clients to keep HSTS status",
+            "required": false
+        },
+        "HMD_HSTS_INCLUDE_SUBDOMAINS": {
+            "description": "whether to tell clients to also regard subdomains as HSTS hosts",
+            "required": false
+        },
+        "HMD_HSTS_PRELOAD": {
+            "description": "whether to allow at all adding of the site to HSTS preloads (e.g. in browsers)",
+            "required": false
+        },
         "HMD_DOMAIN": {
             "description": "domain name",
             "required": false
author	Sheogorath	2017-10-14 18:02:41 +0200
committer	GitHub	2017-10-14 18:02:41 +0200
commit	5ce8f40eac7fccfcfca175cf79ccfa86a84bc113 (patch)
tree	8cb0f7934d918528baf6e0c138bffe54d8f8cad0 /app.json
parent	ec8936a9f17ac90edfffa190ec7c91a99871ce27 (diff)
parent	6bdc90d6ffd60cf8fe0509eb9fb3b2d47f185c31 (diff)