From f1bf3caa2025f676b41aa28c064472f3d46b0ba0 Mon Sep 17 00:00:00 2001
From: Tankred Hase
Date: Fri, 10 Jun 2016 18:19:03 +0200
Subject: [PATCH] Add publi key pin backup
---
 README.md | 1 +
 config/default.js | 3 ++-
 src/app.js | 4 ++--
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 51c7b0f..3ecaef8 100644
--- a/README.md
+++ b/README.md
@@ -221,6 +221,7 @@ The `config/development.js` file can be used to configure a local development in
 * NODE_ENV=production
 * UPGRADE_HTTPS=true (upgrade HTTP to HTTPS and use [HSTS](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security))
 * PUBLIC_KEY_PIN=base64_encoded_sha256 (use [HPKP](https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning))
+* PUBLIC_KEY_PIN_BACKUP=base64_encoded_sha256
 * MONGO_URI=127.0.0.1:27017/test_db
 * MONGO_USER=db_user
 * MONGO_PASS=db_password
diff --git a/config/default.js b/config/default.js
index 2f4ecd8..43653b3 100644
--- a/config/default.js
+++ b/config/default.js
@@ -7,7 +7,8 @@ module.exports = {
 server: {
 port: process.env.PORT || 8888,
 upgradeHTTPS: process.env.UPGRADE_HTTPS,
- publicKeyPin: process.env.PUBLIC_KEY_PIN
+ publicKeyPin: process.env.PUBLIC_KEY_PIN,
+ publicKeyPinBackup: process.env.PUBLIC_KEY_PIN_BACKUP
 },
 mongo: {
diff --git a/src/app.js b/src/app.js
index ea7b264..d210647 100644
--- a/src/app.js
+++ b/src/app.js
@@ -87,8 +87,8 @@ app.use(function *(next) {
 if (util.isTrue(config.server.upgradeHTTPS)) {
 this.set('Strict-Transport-Security', 'max-age=16070400');
 }
- if (config.server.publicKeyPin) {
- this.set('Public-Key-Pins', 'pin-sha256="' + config.server.publicKeyPin + '"; max-age=16070400');
+ if (config.server.publicKeyPin && config.server.publicKeyPinBackup) {
+ this.set('Public-Key-Pins', 'pin-sha256="' + config.server.publicKeyPin + '"; pin-sha256="' + config.server.publicKeyPinBackup + '"; max-age=16070400');
 }
 this.set('Access-Control-Allow-Origin', '*');
 this.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
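Review bot: The new guard `if (config.server.publicKeyPin && config.server.publicKeyPinBackup)` sends no `Public-Key-Pins` header at all when only `PUBLIC_KEY_PIN` is set, so an operator who configures a single pin gets no pinning and no warning. Requiring a backup pin is in line with RFC 7469, but the rule should be visible: I would add `// HPKP needs a backup pin (RFC 7469); with only one pin configured no header is sent` above the condition and say in the README hunk that the two variables must be set together. Both values are concatenated into the header unchecked, so a malformed pin (stray quote or whitespace) produces a header that browsers discard; checking each value against the base64 SHA-256 shape at startup would catch that early. With `max-age=16070400` a wrong pin locks returning clients out for roughly six months, so the backup pin should belong to a key that is kept offline and is not in the served chain, and a first rollout is safer with a short max-age or `Public-Key-Pins-Report-Only`. The enclosing `app.use` middleware starts before and ends after this hunk.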