summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README.md3
-rw-r--r--app.json12
-rw-r--r--lib/config/environment.js3
3 files changed, 18 insertions, 0 deletions
diff --git a/README.md b/README.md
index dd418d69..8dc82bb4 100644
--- a/README.md
+++ b/README.md
@@ -155,6 +155,9 @@ Environment variables (will overwrite other server configs)
| HMD_S3_REGION | `ap-northeast-1` | AWS S3 region |
| HMD_S3_BUCKET | no example | AWS S3 bucket name |
| HMD_HSTS_ENABLE | ` true` | set to enable [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) if HTTPS is also enabled (default is ` true`) |
+| HMD_HSTS_INCLUDE_SUBDOMAINS | `true` | set to include subdomains in HSTS (default is `true`) |
+| HMD_HSTS_MAX_AGE | `31536000` | max duration in seconds to tell clients to keep HSTS status (default is a year) |
+| HMD_HSTS_PRELOAD | `true` | whether to allow preloading of the site's HSTS status (e.g. into browsers) |
Application settings `config.json`
---
diff --git a/app.json b/app.json
index 07678ce3..1de6b7db 100644
--- a/app.json
+++ b/app.json
@@ -27,6 +27,18 @@
"description": "whether to also use HSTS if HTTPS is enabled",
"required": false
},
+ "HMD_HSTS_MAX_AGE": {
+ "description": "max duration, in seconds, to tell clients to keep HSTS status",
+ "required": false
+ },
+ "HMD_HSTS_INCLUDE_SUBDOMAINS": {
+ "description": "whether to tell clients to also regard subdomains as HSTS hosts",
+ "required": false
+ },
+ "HMD_HSTS_PRELOAD": {
+ "description": "whether to allow at all adding of the site to HSTS preloads (e.g. in browsers)",
+ "required": false
+ },
"HMD_DOMAIN": {
"description": "domain name",
"required": false
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 27b697a0..40b7e09f 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -10,6 +10,9 @@ module.exports = {
usessl: toBooleanConfig(process.env.HMD_USESSL),
hsts: {
enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE),
+ maxAgeSeconds: process.env.HMD_HSTS_MAX_AGE,
+ includeSubdomains: toBooleanConfig(process.env.HMD_HSTS_INCLUDE_SUBDOMAINS),
+ preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD)
},
protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined,