feat: Add helmet and force SSL
committed by
Benedikt Rötsch
parent
9ae9c543ba
commit
9c2840ac89
11
app.js
11
app.js
@@ -5,6 +5,7 @@ const cookieParser = require('cookie-parser')
|
||||
const express = require('express')
|
||||
const logger = require('morgan')
|
||||
const querystring = require('querystring')
|
||||
const helmet = require('helmet')
|
||||
|
||||
// Load environment variables using dotenv
|
||||
require('dotenv').config({ path: 'variables.env' })
|
||||
@@ -24,12 +25,22 @@ app.set('views', path.join(__dirname, 'views'))
|
||||
app.set('view engine', 'pug')
|
||||
|
||||
app.use(logger('dev'))
|
||||
app.use(helmet())
|
||||
app.use(bodyParser.json())
|
||||
app.use(bodyParser.urlencoded({ extended: false }))
|
||||
app.use(cookieParser())
|
||||
app.use(express.static(path.join(__dirname, 'public')))
|
||||
app.use(breadcrumb())
|
||||
|
||||
// Force all requests on production to be served over https
|
||||
app.use(function (req, res, next) {
|
||||
if (!req.secure && process.env.NODE_ENV === 'production') {
|
||||
var secureUrl = 'https://' + req.headers['host'] + req.url
|
||||
res.writeHead(301, { 'Location': secureUrl })
|
||||
res.end()
|
||||
}
|
||||
next()
|
||||
})
|
||||
// Set our application state based on environment variables or query parameters
|
||||
app.use(async function (request, response, next) {
|
||||
// Set default settings based on environment variables
|
||||
|
||||
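Review bot: In the force-https middleware the redirect branch does not return, so `next()` still runs after `res.end()` and later middleware and routes handle a request whose response has already been sent; change the call to `return res.end()`. The Location value is built from `req.headers['host']`, which the client controls, so the 301 can name a host the application does not own; building it from a configured canonical hostname avoids that. `req.secure` is only true behind a TLS-terminating proxy when Express's `trust proxy` setting is enabled, which is not visible in this section, so without it every production request would be redirected in a loop. The middleware is also registered after `express.static`, so files under `public/` are served over plain http without the redirect; registering it right after `helmet()` would cover them.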