jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Implement HSTS preload

Browse Source 
This allows browsers to query https directly instead of the initial http redirect

https://hstspreload.org/#opt-in says it should be explicitly opt in
This commit is contained in:
Girish Ramakrishnan
2023-03-06 11:15:55 +01:00
parent 5bbeb1196a
commit 8448d28f6f
11 changed files with 36 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/apps.js
View File

@@ -1765,7 +1765,7 @@ async function setReverseProxyConfig(app, reverseProxyConfig, auditSource) {
assert.strictEqual(typeof reverseProxyConfig, 'object');
assert.strictEqual(typeof auditSource, 'object');
reverseProxyConfig = _.extend({ robotsTxt: null, csp: null }, reverseProxyConfig);
reverseProxyConfig = _.extend({ robotsTxt: null, csp: null, hstsPreload: false }, reverseProxyConfig);
const appId = app.id;
let error = validateCsp(reverseProxyConfig.csp);