From 464388866f7bc5d73db4539adbae6b4d10d9659e Mon Sep 17 00:00:00 2001
From: Jantje19
Date: Fri, 12 Jul 2019 17:32:32 +0200
Subject: [PATCH] HSTS support

Set the 'HSTS' value in 'https-config' to either:
- number: 'max-age=[YOUR VALUE]; includeSubDomains; preload'
- boolean: 'max-age=31536000; includeSubDomains; preload'
- string: the value of the 'Strict-Transport-Security' header
---
 server.js | 39 ++++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 15 deletions(-)

diff --git a/server.js b/server.js
index 4fd12dd..c884083 100644
--- a/server.js
+++ b/server.js
@@ -15,6 +15,19 @@ module.exports = {
 const certificate = fs.readFileSync(httpsSupport.cert);
 const credentials = {key: privateKey, cert: certificate};
 
+ if ('HSTS' in httpsSupport) {
+ const hstsValue = httpsSupport.HSTS;
+ if (hstsValue !== false) {
+ const maxAge = ((typeof(hstsValue) === typeof(true)) ? 31536000 : hstsValue);
+ const headerValue = `max-age=${maxAge}; includeSubDomains; preload`;
+
+ app.use((request, response, next) => {
+ response.setHeader('Strict-Transport-Security', ((typeof(hstsValue) === typeof('')) ? hstsValue : headerValue));
+ next();
+ });
+ }
+ }
+
 httpsServer = https.createServer(credentials, app);
 }
 //
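Review bot: A configured value that is neither boolean, string nor a non-negative integer passes the `hstsValue !== false` guard and is interpolated into an unusable header — `HSTS: null` produces `max-age=null; includeSubDomains; preload`, which browsers discard, so the deployment silently runs without HSTS. Validate once at startup instead of trusting the value on every request, e.g. `if (typeof hstsValue === 'number' && !(Number.isInteger(hstsValue) && hstsValue >= 0)) throw new Error('HSTS: max-age must be a non-negative integer');` followed by `if (hstsValue !== true && typeof hstsValue !== 'number' && typeof hstsValue !== 'string') throw new Error('HSTS must be a boolean, number or string');`. The number and boolean forms also emit `includeSubDomains; preload` unconditionally; both are long-lived commitments (any subdomain still served over plain HTTP becomes unreachable for returning browsers, and `preload` invites inclusion in browser preload lists that is slow to undo), so consider making them opt-in or at least stating it in a comment above the block, e.g. `// number/boolean HSTS values also assert includeSubDomains and preload; pass a string to choose the directives yourself`. Stylistically `typeof hstsValue === 'boolean'` and `typeof hstsValue === 'string'` say the same as `typeof(hstsValue) === typeof(true)` / `typeof('')` more directly. The enclosing block that reads `httpsSupport` starts outside the hunk.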
@@ -23,23 +36,19 @@ module.exports = {
 const ips = utils.getLocalIP(os);
 
 app.use(compression());
- // Needed for the manifest.json
- app.use((request, response, next) => {
- if (request.url.endsWith('manifest.json')) {
- fs.readFile(dirname + request.url, 'utf-8', (err, data) => {
- if (err)
- next();
- else {
- response.setHeader('Content-Type', 'application/json');
- response.send(data.replace('[[STARTURL]]', settings.url.val));
- }
- });
- } else {
- next();
- }
- });
 
 app.use(express.static(dirname));
+ app.get('*manifest.json*', (request, response) => {
+ fs.readFile(dirname + 'Assets/Icons/manifest.json', 'utf-8', (err, data) => {
+ if (err)
+ response.status(500).send('Server error');
+ else {
+ response.setHeader('Content-Type', 'application/json');
+ response.send(data.replace('[[STARTURL]]', settings.url.val));
+ }
+ });
+ });
+
 app.get('*favicon.ico*', (request, response) => {
 utils.sendFile(fs, dirname + 'Assets/Icons/favicon.ico', response);
 });
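Review bot: The new manifest route is registered after `app.use(express.static(dirname))`, whereas the middleware it replaces ran before the static handler, so a request for the on-disk path `/Assets/Icons/manifest.json` is presumably answered by express.static with the `[[STARTURL]]` placeholder unsubstituted, and the route only sees URLs the static handler could not resolve. Register the route ahead of the static middleware, or keep that file out of the static root, so the substituted manifest is the only one clients can fetch. The `err` branch also discards the error before replying with `'Server error'`; log it first, e.g. `console.error('manifest.json read failed', err);` above `response.status(500).send('Server error');`, so a missing or unreadable file is visible in operations. The wildcard path `'*manifest.json*'` matches any URL containing that substring, which is broader than the `endsWith('manifest.json')` test it replaces; a fixed route such as `'/manifest.json'` states the intent. The enclosing `module.exports` function starts and ends outside the hunk.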