HSTS

Co-Authored-By: tamaina <tamaina@hotmail.co.jp>
author: syuilo <syuilotan@yahoo.co.jp> 2018-04-12 05:54:54 +0900
committer: syuilo <syuilotan@yahoo.co.jp> 2018-04-12 05:54:54 +0900
commit: 0f994692435d7be4f94492294113db3b5dbc17a1 (patch)
tree: 975ee0b8c69da7b43f008536d796cbc43c96dad8 /src/server
parent: wip (diff)
download: misskey-0f994692435d7be4f94492294113db3b5dbc17a1.tar.gz
misskey-0f994692435d7be4f94492294113db3b5dbc17a1.tar.bz2
misskey-0f994692435d7be4f94492294113db3b5dbc17a1.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/src/server/index.ts b/src/server/index.ts
index abb8992da5..9358cce2ac 100644
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -41,6 +41,17 @@ app.use((req, res, next) => {
 	next();
 });
 
+/**
+ * HSTS
+ * 6month(15552000sec)
+ */
+if (config.url.startsWith('https')) {
+	app.use((req, res, next) => {
+		res.header('strict-transport-security', 'max-age=15552000; preload');
+		next();
+	});
+}
+
 // Drop request when without 'Host' header
 app.use((req, res, next) => {
 	if (!req.headers['host']) {
author	syuilo <syuilotan@yahoo.co.jp>	2018-04-12 05:54:54 +0900
committer	syuilo <syuilotan@yahoo.co.jp>	2018-04-12 05:54:54 +0900
commit	0f994692435d7be4f94492294113db3b5dbc17a1 (patch)
tree	975ee0b8c69da7b43f008536d796cbc43c96dad8 /src/server
parent	wip (diff)
download	misskey-0f994692435d7be4f94492294113db3b5dbc17a1.tar.gz misskey-0f994692435d7be4f94492294113db3b5dbc17a1.tar.bz2 misskey-0f994692435d7be4f94492294113db3b5dbc17a1.zip