Use HSTS and HTTPS forwarding

This commit is contained in:
Tankred Hase 2016-06-07 20:43:09 +02:00
parent bdde8e44d5
commit 56162a01d9

View File

@ -70,6 +70,7 @@ router.get('/user/:email', function *() { // shorthand link for sharing
// Set HTTP response headers // Set HTTP response headers
app.use(function *(next) { app.use(function *(next) {
this.set('Strict-Transport-Security', 'max-age=16070400');
this.set('Access-Control-Allow-Origin', '*'); this.set('Access-Control-Allow-Origin', '*');
this.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS'); this.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
this.set('Access-Control-Allow-Headers', 'Content-Type'); this.set('Access-Control-Allow-Headers', 'Content-Type');
@ -79,6 +80,15 @@ app.use(function *(next) {
yield next; yield next;
}); });
// Redirect all http traffic to https
app.use(function *(next) {
if (process.env.NODE_ENV === 'production' && !this.secure && this.get('X-Forwarded-Proto') === 'http') {
this.redirect('https://' + this.hostname + this.url);
} else {
yield next;
}
});
app.use(router.routes()); app.use(router.routes());
app.use(router.allowedMethods()); app.use(router.allowedMethods());