Code coverage report for esecurity/lib/middleware/hsts.js

Statements: 100% (15 / 15)      Branches: 100% (14 / 14)      Functions: 100% (2 / 2)      Lines: 100% (14 / 14)      Ignored: none     

All files » esecurity/lib/middleware/ » hsts.js
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30  1   6 6 6   6     6 1   5   5 1   4   4     4   4        
 
module.exports = function HstsConstructor(opts) {
 
    opts = opts || {};
    opts.maxAge = opts.maxAge || 365 * 24 * 60 * 60;
    opts.includeSudomains = opts.includeSudomains || false;
    
    return function hsts(req, res, next) {
        
        // self-awareness
        if (req._esecurity_hsts)
            return next();
 
        req._esecurity_hsts = true;
        
        if (!req.secure && !req._esecurity_hsts_test_bypass_ssl)
            return next();
        
        var hstsHeader = ['max-age=' + opts.maxAge];
        
        if (opts.includeSudomains) hstsHeader.push('includeSubDomains');
        
        
        res.set('Strict-Transport-Security', hstsHeader.join(';'));
        
        return next();
    };
};