Michcio/FoundKey-0x7f
1
1
Fork 0
forked from FoundKeyGang/FoundKey
Code Pull requests Releases Activity

Resolve #2923

Browse source 
Allow option to disable sending HSTS headers even if https:// is used in url
This commit is contained in:
syuilo 2018-10-17 04:15:41 +09:00
parent 8f3bce6b11
commit 61f86dcb2b
No known key found for this signature in database
GPG key ID: BDC4C49D06AB9D69
2 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/config/types.ts
View file

@ -23,6 +23,7 @@ export type Source = {
url: string; url: string;
port: number; port: number;
https?: { [x: string]: string }; https?: { [x: string]: string };
disableHsts?: boolean;
mongodb: { mongodb: {
host: string; host: string;
port: number; port: number;

2
src/server/index.ts
View file

@ -41,7 +41,7 @@ app.use(compress({
// HSTS // HSTS
// 6months (15552000sec) // 6months (15552000sec)
if (config.url.startsWith('https')) { if (config.url.startsWith('https') && !config.disableHsts) {
app.use(async (ctx, next) => { app.use(async (ctx, next) => {
ctx.set('strict-transport-security', 'max-age=15552000; preload'); ctx.set('strict-transport-security', 'max-age=15552000; preload');
await next(); await next();