Use HSTS and HTTPS forwarding
This commit is contained in:
parent
bdde8e44d5
commit
56162a01d9
10
src/app.js
10
src/app.js
@ -70,6 +70,7 @@ router.get('/user/:email', function *() { // shorthand link for sharing
|
|||||||
|
|
||||||
// Set HTTP response headers
|
// Set HTTP response headers
|
||||||
app.use(function *(next) {
|
app.use(function *(next) {
|
||||||
|
this.set('Strict-Transport-Security', 'max-age=16070400');
|
||||||
this.set('Access-Control-Allow-Origin', '*');
|
this.set('Access-Control-Allow-Origin', '*');
|
||||||
this.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
|
this.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
|
||||||
this.set('Access-Control-Allow-Headers', 'Content-Type');
|
this.set('Access-Control-Allow-Headers', 'Content-Type');
|
||||||
@ -79,6 +80,15 @@ app.use(function *(next) {
|
|||||||
yield next;
|
yield next;
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// Redirect all http traffic to https
|
||||||
|
app.use(function *(next) {
|
||||||
|
if (process.env.NODE_ENV === 'production' && !this.secure && this.get('X-Forwarded-Proto') === 'http') {
|
||||||
|
this.redirect('https://' + this.hostname + this.url);
|
||||||
|
} else {
|
||||||
|
yield next;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
app.use(router.routes());
|
app.use(router.routes());
|
||||||
app.use(router.allowedMethods());
|
app.use(router.allowedMethods());
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user