Test HSTS header

2018-01-17 20:59:16 +00:00 · 2018-01-17 20:59:16 +00:00 · e16075a702
commit e16075a702
parent 42f5af27f0
2 changed files with 13 additions and 2 deletions
--- a/src/server.ts
+++ b/src/server.ts
@ -29,7 +29,9 @@ export default function createServer(opts : Options) : express.Application {

    if (!opts.allowHttp) {
      app.use(helmet.hsts({
-          maxAge: 5184000
+          maxAge: 5184000,
+          setIf: () => true,
+          includeSubdomains: false
      }));
    }

--- a/tests/server.test.ts
+++ b/tests/server.test.ts
@ -49,7 +49,8 @@ describe('Server', function () {
        dirList: false,
        serveDir: 'site/',
        opbeat: false,
-        open: false
+        open: false,
+        allowHttp: false
      } as Options;

      it('Should have no powered by header', function (done) {
@ -119,5 +120,13 @@ describe('Server', function () {
          done();
        });
      });
+
+      it('Should have HSTS header', function (done) {
+        runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
+          expect(response.status).to.equal(200);
+          expect(response.headers.get('strict-transport-security')).to.contain('5184000');
+          done();
+        });
+      });
    });
 });