simonvareille/keyserver
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add HTTPS public key pinning

Browse Source
This commit is contained in:
Tankred Hase
2016-06-10 17:48:41 +02:00
parent 68fba28dd9
commit 4b183c8976
4 changed files with 21 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/app.js
View File

@@ -73,9 +73,23 @@ router.get('/user/:search', function *() {
// display homepage
router.get('/', home);
// Redirect all http traffic to https
app.use(function *(next) {
if (util.isTrue(config.server.upgradeHTTPS) && util.checkHTTP(this)) {
this.redirect('https://' + this.hostname + this.url);
} else {
yield next;
}
});
// Set HTTP response headers
app.use(function *(next) {
this.set('Strict-Transport-Security', 'max-age=16070400');
if (util.isTrue(config.server.upgradeHTTPS)) {
this.set('Strict-Transport-Security', 'max-age=31536000');
}
if (config.server.publicKeyPin) {
this.set('Public-Key-Pins', 'pin-sha256="' + config.server.publicKeyPin + '"');
}
this.set('Access-Control-Allow-Origin', '*');
this.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
this.set('Access-Control-Allow-Headers', 'Content-Type');
@@ -84,15 +98,6 @@ app.use(function *(next) {
yield next;
});
// Redirect all http traffic to https
app.use(function *(next) {
if (config.server.upgradeHTTP && util.checkHTTP(this)) {
this.redirect('https://' + this.hostname + this.url);
} else {
yield next;
}
});
app.use(router.routes());
app.use(router.allowedMethods());