
Add hsts preload & subdomain config.
Sean Starnes committed Nov 25, 2019
1 parent 0cdbb82 commit 5a839c0
Showing 4 changed files with 13 additions and 12 deletions.
18 changes: 9 additions & 9 deletions app.js
Expand Up @@ -42,20 +42,20 @@ app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(cors());
app.use(helmet());

if (config.USE_HSTS) {
app.use(helmet.hsts({
maxAge: config.HSTS_MAX_AGE,
preload: config.HSTS_PRELOAD,
includeSubDomains: config.HSTS_SUBDOMAINS,
}));
}

app.use(function(req, res, next) {
res.setHeader('Server', '');
res.setHeader('Via', '');
next();
});
app.use(helmet.hsts({
maxAge: config.HSTS_MAX_AGE,
preload: config.HSTS_PRELOAD,
includeSubDomains: config.HSTS_INC_SUBDOMAINS,
setIf: function() {
return config.USE_HSTS;
}
}));

app.use(addRequestId);
app.use(compression());
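Review bot: In the new `if (config.USE_HSTS)` block, `preload: config.HSTS_PRELOAD` and `includeSubDomains: config.HSTS_SUBDOMAINS` are driven by independent env vars, so the header can advertise `preload` without `includeSubDomains`; the HSTS preload list only accepts a header that also carries `includeSubDomains` and a max-age of at least one year, so the pairing should be enforced here, e.g. `preload: config.HSTS_PRELOAD && config.HSTS_SUBDOMAINS,`, or validated when the config is built. Since preloading is a long-lived commitment that is slow to undo, a comment above the block such as `// preload requires includeSubDomains and max-age >= 31536000; removal from the preload list takes months` would help the next operator. Separately, `app.use(helmet())` on the line above installs helmet's default middleware set, which in the helmet versions I know of already includes an HSTS header, so `USE_HSTS=false` very likely still sends Strict-Transport-Security with helmet's default max-age; if the flag is meant to disable HSTS, that call needs `helmet({ hsts: false })`.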
3 changes: 2 additions & 1 deletion config/index.js
Expand Up @@ -118,7 +118,8 @@ function getConfig(env='development') {
config.UPDATE_REPO_REGEX = /(1\.0)(\.\d)?/;
config.USE_HSTS = process.env.USE_HSTS ? process.env.USE_HSTS === 'true' : config.isProd;
config.HSTS_MAX_AGE = process.env.HSTS_MAX_AGE ? parseInt(process.env.HSTS_MAX_AGE) : 31536000;
config.HSTS_PRELOAD = false;
config.HSTS_PRELOAD = process.env.HSTS_PRELOAD && process.env.HSTS_PRELOAD === 'true';
config.HSTS_SUBDOMAINS = process.env.HSTS_SUBDOMAINS && process.env.HSTS_SUBDOMAINS === 'true';
config.PORT = getPort(cloudFoundryEnv);

config.GET_REMOTE_METADATA = process.env.GET_REMOTE_METADATA && process.env.GET_REMOTE_METADATA === 'true';
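Review bot: `process.env.HSTS_PRELOAD && process.env.HSTS_PRELOAD === 'true'` evaluates to `undefined` rather than `false` when the variable is unset, and the new `HSTS_SUBDOMAINS` line has the same shape. For `includeSubDomains` that is not cosmetic: as far as I recall, helmet's hsts middleware only disables `includeSubDomains` on an explicit `false`, so an unset `HSTS_SUBDOMAINS` would likely still emit it, the opposite of what an opt-in env var suggests. A direct comparison yields a real boolean in both cases: `config.HSTS_PRELOAD = process.env.HSTS_PRELOAD === 'true';` and `config.HSTS_SUBDOMAINS = process.env.HSTS_SUBDOMAINS === 'true';`. getConfig continues outside the hunk.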
2 changes: 1 addition & 1 deletion package-lock.json


2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "code-gov-api",
"version": "2.6.2",
"version": "2.6.4",
"author": "Michael Balint <[email protected]> (https://presidentialinnovationfellows.gov/)",
"description": "[Code.gov](https://code.gov) is a website promoting good practices in code development, collaboration, and reuse across the U.S. Government. Code.gov will provide tools and guidance to help agencies implement the [Federal Source Code Policy](https://sourcecode.cio.gov). It will include an inventory of the government's custom code to promote reuse between agencies. And it will provide tools to help government and the public collaborate on open source projects. This repository is home to the code powering code.gov. To learn more about the project, check out the main [Code.gov project README](https://github.com/presidential-innovation-fellows/code-gov-pm/blob/master/README.md)",
"repository": {

