mirror of
https://codeberg.org/ashley/poke.git
synced 2024-12-01 07:57:24 +01:00
add hsts lol
This commit is contained in:
parent
f4ff9848c8
commit
5901b013ee
1 changed files with 14 additions and 1 deletions
15
server.js
15
server.js
|
@ -32,7 +32,6 @@
|
||||||
const media_proxy = require("./src/libpoketube/libpoketube-video.js");
|
const media_proxy = require("./src/libpoketube/libpoketube-video.js");
|
||||||
const { sinit } = require("./src/libpoketube/init/superinit.js");
|
const { sinit } = require("./src/libpoketube/init/superinit.js");
|
||||||
const u = await media_proxy();
|
const u = await media_proxy();
|
||||||
|
|
||||||
initlog("Loading...");
|
initlog("Loading...");
|
||||||
initlog(
|
initlog(
|
||||||
"[Welcome] Welcome To PokeTube :3 " +
|
"[Welcome] Welcome To PokeTube :3 " +
|
||||||
|
@ -68,6 +67,7 @@
|
||||||
app.use(modules.express.urlencoded({ extended: true })); // for parsing application/x-www-form-urlencoded
|
app.use(modules.express.urlencoded({ extended: true })); // for parsing application/x-www-form-urlencoded
|
||||||
app.use(modules.useragent.express());
|
app.use(modules.useragent.express());
|
||||||
app.use(modules.express.json()); // for parsing application/json
|
app.use(modules.express.json()); // for parsing application/json
|
||||||
|
app.enable("trust proxy");
|
||||||
|
|
||||||
const renderTemplate = async (res, req, template, data = {}) => {
|
const renderTemplate = async (res, req, template, data = {}) => {
|
||||||
res.render(
|
res.render(
|
||||||
|
@ -101,6 +101,19 @@ this is our config file,you can change stuff here
|
||||||
|
|
||||||
app.use(function (req, res, next) {
|
app.use(function (req, res, next) {
|
||||||
res.header("Access-Control-Allow-Origin", "*");
|
res.header("Access-Control-Allow-Origin", "*");
|
||||||
|
if (req.secure) {
|
||||||
|
res.header(
|
||||||
|
"Strict-Transport-Security",
|
||||||
|
"max-age=31536000; includeSubDomains; preload"
|
||||||
|
);
|
||||||
|
}
|
||||||
|
next();
|
||||||
|
});
|
||||||
|
|
||||||
|
app.use(function (request, response, next) {
|
||||||
|
if (process.env.NODE_ENV != "development" && !request.secure) {
|
||||||
|
return response.redirect("https://" + request.headers.host + request.url);
|
||||||
|
}
|
||||||
|
|
||||||
next();
|
next();
|
||||||
});
|
});
|
||||||
|
|
Loading…
Reference in a new issue