-rw-r--r-- | app.js | 8 | ||||
-rw-r--r-- | package.json | 1 |
2 files changed, 9 insertions, 0 deletions
@@ -17,6 +17,7 @@ var imgur = require('imgur');
 var formidable = require('formidable');
 var morgan = require('morgan');
 var passportSocketIo = require("passport.socketio");
+var helmet = require('helmet');
 //core
 var config = require("./config.js");
@@ -92,6 +93,13 @@ var sessionStore = new MongoStore({
 //compression
 app.use(compression());
+// use hsts to tell https users stick to this
+app.use(helmet.hsts({
+ maxAge: 31536000 * 1000, // 365 days
+ includeSubdomains: true,
+ preload: true
+}));
+
 //session
 app.use(session({
 name: config.sessionname,
diff --git a/package.json b/package.json
index 4d701966..9f9535ac 100644
--- a/package.json
+++ b/package.json
@@ -22,6 +22,7 @@
 "express-session": "^1.13.0",
 "formidable": "^1.0.17",
 "highlight.js": "^9.1.0",
+ "helmet": "^1.3.0",
 "imgur": "^0.1.7",
 "jsdom-nogyp": "^0.8.3",
 "kerberos": "0.0.17",
|
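Review bot: The HSTS policy added before the session middleware in app.js is hard-coded at its most committing setting (one year, `includeSubdomains: true`, `preload: true`) for every deployment of this app. `includeSubdomains` binds every subdomain of the serving host, including ones this app does not serve, and a preload-list entry is slow to withdraw, so these values are better read from `config` with conservative defaults (a short `maxAge`, the other two off) than enabled unconditionally. The millisecond `maxAge` matches helmet 1.x as pinned by `^1.3.0`; as far as I know later major versions take seconds, so a comment such as `// helmet 1.x: maxAge is in milliseconds` would stop an upgrade from silently multiplying the value by 1000. It is also worth confirming whether this middleware version emits the header only when `req.secure` is true, in which case a deployment behind a TLS-terminating proxy needs Express's `trust proxy` setting for the header to be sent at all.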