summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--app.js8
-rw-r--r--package.json1
2 files changed, 9 insertions, 0 deletions
diff --git a/app.js b/app.js
index 9ab1e82a..e1330790 100644
--- a/app.js
+++ b/app.js
@@ -17,6 +17,7 @@ var imgur = require('imgur');
var formidable = require('formidable');
var morgan = require('morgan');
var passportSocketIo = require("passport.socketio");
+var helmet = require('helmet');
//core
var config = require("./config.js");
@@ -92,6 +93,13 @@ var sessionStore = new MongoStore({
//compression
app.use(compression());
+// use hsts to tell https users stick to this
+app.use(helmet.hsts({
+ maxAge: 31536000 * 1000, // 365 days
+ includeSubdomains: true,
+ preload: true
+}));
+
//session
app.use(session({
name: config.sessionname,
diff --git a/package.json b/package.json
index 4d701966..9f9535ac 100644
--- a/package.json
+++ b/package.json
@@ -22,6 +22,7 @@
"express-session": "^1.13.0",
"formidable": "^1.0.17",
"highlight.js": "^9.1.0",
+ "helmet": "^1.3.0",
"imgur": "^0.1.7",
"jsdom-nogyp": "^0.8.3",
"kerberos": "0.0.17",