Merge pull request #1619 from ether/stricter-transport

Enable HSTS on TLS connections
2014-06-17 12:58:47 +01:00 · 2014-06-17 12:58:47 +01:00 · c627608ea5
parent 6dd66c6a16 897f5189b0
commit c627608ea5
1 changed files with 5 additions and 0 deletions
--- a/src/node/hooks/express.js
+++ b/src/node/hooks/express.js
@ -71,6 +71,11 @@ exports.restartServer = function () {
  }

  app.use(function (req, res, next) {
+    // res.header("X-Frame-Options", "deny"); // breaks embedded pads
+    if(settings.ssl){ // if we use SSL
+      res.header("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
+    }
+
    res.header("Server", serverName);
    next();
  });