Resolve #2923
Allow option to disable sending HSTS headers even if https:// is used in url
This commit is contained in:
parent
8f3bce6b11
commit
61f86dcb2b
|
@ -23,6 +23,7 @@ export type Source = {
|
||||||
url: string;
|
url: string;
|
||||||
port: number;
|
port: number;
|
||||||
https?: { [x: string]: string };
|
https?: { [x: string]: string };
|
||||||
|
disableHsts?: boolean;
|
||||||
mongodb: {
|
mongodb: {
|
||||||
host: string;
|
host: string;
|
||||||
port: number;
|
port: number;
|
||||||
|
|
|
@ -41,7 +41,7 @@ app.use(compress({
|
||||||
|
|
||||||
// HSTS
|
// HSTS
|
||||||
// 6months (15552000sec)
|
// 6months (15552000sec)
|
||||||
if (config.url.startsWith('https')) {
|
if (config.url.startsWith('https') && !config.disableHsts) {
|
||||||
app.use(async (ctx, next) => {
|
app.use(async (ctx, next) => {
|
||||||
ctx.set('strict-transport-security', 'max-age=15552000; preload');
|
ctx.set('strict-transport-security', 'max-age=15552000; preload');
|
||||||
await next();
|
await next();
|
||||||
|
|
Loading…
Reference in New Issue