 
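/**
 * Build a middleware that sets the Strict-Transport-Security (HSTS)
 * response header on requests that arrived over a secure transport.
 *
 * @param {Object} [opts] - Options; the object is read but never modified.
 * @param {number|string} [opts.maxAge=31536000] - Policy lifetime in seconds.
 *     0 is honoured (it tells browsers to drop a stored policy). Values that
 *     are not a finite, non-negative number fall back to one year.
 * @param {boolean} [opts.includeSubDomains=false] - Append the
 *     `includeSubDomains` directive. The historical misspelling
 *     `includeSudomains` and the variant `includeSubdomains` are accepted too.
 * @returns {function(Object, Object, Function)} Middleware `(req, res, next)`.
 */
module.exports = function HstsConstructor(opts) {

    var ONE_YEAR_SECONDS = 365 * 24 * 60 * 60;

    // Work on locals: writing defaults back into `opts` would leak into a
    // configuration object the caller may share with other middleware.
    var options = opts || {};

    // `opts.maxAge || default` would turn an explicit 0 into one year, so an
    // operator trying to withdraw the policy would pin it for a year instead.
    var maxAge = ONE_YEAR_SECONDS;
    var requested = options.maxAge;
    var isNumericInput = typeof requested === 'number' ||
        (typeof requested === 'string' && requested.trim() !== '');
    if (isNumericInput) {
        var parsed = Number(requested);
        // max-age is whole delta-seconds; anything else is ignored by browsers.
        if (isFinite(parsed) && parsed >= 0) maxAge = Math.floor(parsed);
    }

    // The option was originally spelled `includeSudomains`; a caller passing
    // the correctly spelled name used to be ignored silently, leaving
    // subdomains outside the policy.
    var includeSubDomains = Boolean(
        options.includeSubDomains ||
        options.includeSubdomains ||
        options.includeSudomains
    );

    var directives = ['max-age=' + maxAge];
    if (includeSubDomains) directives.push('includeSubDomains');
    var headerValue = directives.join(';');

    return function hsts(req, res, next) {

        // Run at most once per request, even if mounted several times.
        if (req._esecurity_hsts)
            return next();

        req._esecurity_hsts = true;

        // HSTS is only meaningful on a secure transport. `req.secure` comes
        // from the framework; behind a TLS-terminating proxy it is typically
        // false unless the app is configured to trust the proxy, in which
        // case this header is never sent. Verify that in deployment.
        // NOTE(review): `_esecurity_hsts_test_bypass_ssl` is a test-only hook
        // living in production code; nothing else should ever set it on `req`.
        if (!req.secure && !req._esecurity_hsts_test_bypass_ssl)
            return next();

        res.set('Strict-Transport-Security', headerValue);

        return next();
    };
};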