aux/keyserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use HSTS and HTTPS forwarding

Browse Source
This commit is contained in:
Tankred Hase 2016-06-07 20:43:09 +02:00
parent bdde8e44d5
commit 56162a01d9
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/app.js
View File

@ -70,6 +70,7 @@ router.get('/user/:email', function *() { // shorthand link for sharing
// Set HTTP response headers
app.use(function *(next) {
this.set('Strict-Transport-Security', 'max-age=16070400');
this.set('Access-Control-Allow-Origin', '*');
this.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
this.set('Access-Control-Allow-Headers', 'Content-Type');
@ -79,6 +80,15 @@ app.use(function *(next) {
yield next;
});
// Redirect all http traffic to https
app.use(function *(next) {
if (process.env.NODE_ENV === 'production' && !this.secure && this.get('X-Forwarded-Proto') === 'http') {
this.redirect('https://' + this.hostname + this.url);
} else {
yield next;
}
});
app.use(router.routes());
app.use(router.allowedMethods());