Resolve #2923

Allow option to disable sending HSTS headers even if https:// is used in url
author: syuilo <syuilotan@yahoo.co.jp> 2018-10-17 04:15:41 +0900
committer: syuilo <syuilotan@yahoo.co.jp> 2018-10-17 04:15:41 +0900
commit: 61f86dcb2b9cec8d55cf6a77f592ba359ff8b52b (patch)
tree: 8b675875925bb911fa5339e3f220c0cc0a56c939 /src
parent: Add some messaging API tests (diff)
download: sharkey-61f86dcb2b9cec8d55cf6a77f592ba359ff8b52b.tar.gz
sharkey-61f86dcb2b9cec8d55cf6a77f592ba359ff8b52b.tar.bz2
sharkey-61f86dcb2b9cec8d55cf6a77f592ba359ff8b52b.zip
2 files changed, 2 insertions, 1 deletions
diff --git a/src/config/types.ts b/src/config/types.ts
index 3074cecabf..139ca9e82a 100644
--- a/src/config/types.ts
+++ b/src/config/types.ts
@@ -23,6 +23,7 @@ export type Source = {
 	url: string;
 	port: number;
 	https?: { [x: string]: string };
+	disableHsts?: boolean;
 	mongodb: {
 		host: string;
 		port: number;
diff --git a/src/server/index.ts b/src/server/index.ts
index e9b2e2440a..66a1d97d29 100644
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -41,7 +41,7 @@ app.use(compress({
 
 // HSTS
 // 6months (15552000sec)
-if (config.url.startsWith('https')) {
+if (config.url.startsWith('https') && !config.disableHsts) {
 	app.use(async (ctx, next) => {
 		ctx.set('strict-transport-security', 'max-age=15552000; preload');
 		await next();
author	syuilo <syuilotan@yahoo.co.jp>	2018-10-17 04:15:41 +0900
committer	syuilo <syuilotan@yahoo.co.jp>	2018-10-17 04:15:41 +0900
commit	61f86dcb2b9cec8d55cf6a77f592ba359ff8b52b (patch)
tree	8b675875925bb911fa5339e3f220c0cc0a56c939 /src
parent	Add some messaging API tests (diff)
download	sharkey-61f86dcb2b9cec8d55cf6a77f592ba359ff8b52b.tar.gz sharkey-61f86dcb2b9cec8d55cf6a77f592ba359ff8b52b.tar.bz2 sharkey-61f86dcb2b9cec8d55cf6a77f592ba359ff8b52b.zip