Merge pull request #280 from vbhayden/add-optional-strict-transport-h…

…eader Optional Support for Strict-Transport-Security Header
cassproject · Sep 7, 2023 · 92eaf2c · 92eaf2c
2 parents 1ca5ff7 + 54cf9b2
commit 92eaf2c
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/src/main/server.js b/src/main/server.js
@@ -127,6 +127,19 @@ if (process.env.DISABLED_EDITOR != 'true') {
     app.use(baseUrl+'cass-editor/', express.static('src/main/webapp/'));
 }
 
+if (process.env.INCLUDE_STRICT_TRANSPORT_SECURITY_HEADER == "true") {
+    app.use((req, res, next) => {
+
+        let forwardingProtocol = req.headers["x-forwarded-proto"];
+        let forwardedSecurely = forwardingProtocol && forwardingProtocol === "https"; 
+        if (forwardedSecurely || req.secure) {
+            res.setHeader("Strict-Transport-Security", "max-age=31536000")
+        }
+
+        next();
+    });
+}
+
 let v8 = require('v8');
 let glob = require('glob');
 let path = require('path');