From 61f86dcb2b9cec8d55cf6a77f592ba359ff8b52b Mon Sep 17 00:00:00 2001 From: syuilo Date: Wed, 17 Oct 2018 04:15:41 +0900 Subject: [PATCH] Resolve #2923 Allow option to disable sending HSTS headers even if https:// is used in url --- src/config/types.ts | 1 + src/server/index.ts | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/config/types.ts b/src/config/types.ts index 3074cecabf..139ca9e82a 100644 --- a/src/config/types.ts +++ b/src/config/types.ts @@ -23,6 +23,7 @@ export type Source = { url: string; port: number; https?: { [x: string]: string }; + disableHsts?: boolean; mongodb: { host: string; port: number; diff --git a/src/server/index.ts b/src/server/index.ts index e9b2e2440a..66a1d97d29 100644 --- a/src/server/index.ts +++ b/src/server/index.ts @@ -41,7 +41,7 @@ app.use(compress({ // HSTS // 6months (15552000sec) -if (config.url.startsWith('https')) { +if (config.url.startsWith('https') && !config.disableHsts) { app.use(async (ctx, next) => { ctx.set('strict-transport-security', 'max-age=15552000; preload'); await next();