From 56411ca0e10a90d8206508171e3871146bce5351 Mon Sep 17 00:00:00 2001 From: Literallie Date: Fri, 13 Oct 2017 01:09:04 +0200 Subject: Make HSTS behaviour configurable; Fixes #584 --- lib/config/default.js | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib') diff --git a/lib/config/default.js b/lib/config/default.js index a14a4294..f4c45e3d 100644 --- a/lib/config/default.js +++ b/lib/config/default.js @@ -7,6 +7,12 @@ module.exports = { urladdport: false, alloworigin: ['localhost'], usessl: false, + hsts: { + enable: true, + maxAgeSeconds: 31536000, + includeSubdomains: true, + preload: true + }, protocolusessl: false, usecdn: true, allowanonymous: true, -- cgit v1.2.3 From 1634d5c567180b072ed4e345b841642f4ea70924 Mon Sep 17 00:00:00 2001 From: Literallie Date: Fri, 13 Oct 2017 01:14:50 +0200 Subject: Add on/off env var for HSTS --- lib/config/environment.js | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib') diff --git a/lib/config/environment.js b/lib/config/environment.js index c108a6f9..27b697a0 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -8,6 +8,9 @@ module.exports = { port: process.env.HMD_PORT, urladdport: toBooleanConfig(process.env.HMD_URL_ADDPORT), usessl: toBooleanConfig(process.env.HMD_USESSL), + hsts: { + enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE), + }, protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL), alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined, usecdn: toBooleanConfig(process.env.HMD_USECDN), -- cgit v1.2.3 From 6bdc90d6ffd60cf8fe0509eb9fb3b2d47f185c31 Mon Sep 17 00:00:00 2001 From: Literallie Date: Fri, 13 Oct 2017 01:15:35 +0200 Subject: Add env vars for extra HSTS options --- lib/config/environment.js | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib') diff --git a/lib/config/environment.js b/lib/config/environment.js index 27b697a0..40b7e09f 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -10,6 +10,9 @@ module.exports = { usessl: toBooleanConfig(process.env.HMD_USESSL), hsts: { enable: toBooleanConfig(process.env.HMD_HSTS_ENABLE), + maxAgeSeconds: process.env.HMD_HSTS_MAX_AGE, + includeSubdomains: toBooleanConfig(process.env.HMD_HSTS_INCLUDE_SUBDOMAINS), + preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD) }, protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL), alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined, -- cgit v1.2.3