Test HSTS header

Jake Howard 2018-01-17 20:59:16 +00:00
parent 42f5af27f0
commit e16075a702
Signed by: jake
GPG key ID: 57AFB45680EDD477
2 changed files with 13 additions and 2 deletions


@ -29,7 +29,9 @@ export default function createServer(opts : Options) : express.Application {
if (!opts.allowHttp) {
app.use(helmet.hsts({
maxAge: 5184000
maxAge: 5184000,
setIf: () => true,
includeSubdomains: false
}));
}
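Review bot: `setIf: () => true` makes the server attach Strict-Transport-Security to every response, including ones served over plain HTTP, where RFC 6797 says the header must not be sent and browsers ignore it. The predicate receives the request, so it could be narrowed to `setIf: (req) => req.secure`; behind a TLS-terminating proxy that also needs Express's `trust proxy` setting, and the new test would then have to present itself as HTTPS. If unconditional sending is intended, a comment such as `// TLS is terminated upstream, so send HSTS regardless of req.secure` would record why. Separately, helmet documents this option as `includeSubDomains`; confirm the installed version honours the lowercase-d spelling, because if the key is ignored the library default applies and subdomains may be covered after all. createServer's body continues outside the hunk.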


@ -49,7 +49,8 @@ describe('Server', function () {
dirList: false,
serveDir: 'site/',
opbeat: false,
open: false
open: false,
allowHttp: false
} as Options;
it('Should have no powered by header', function (done) {
@ -119,5 +120,13 @@ describe('Server', function () {
done();
});
});
it('Should have HSTS header', function (done) {
runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
expect(response.status).to.equal(200);
expect(response.headers.get('strict-transport-security')).to.contain('5184000');
done();
});
});
});
});
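Review bot: The assertion `to.contain('5184000')` in 'Should have HSTS header' pins only the max-age digits, so it would still pass if the header also carried `includeSubDomains`. Assuming helmet emits only the max-age directive for this configuration, `expect(response.headers.get('strict-transport-security')).to.equal('max-age=5184000');` would lock in the subdomain choice made in the server change as well. There is also no case with `allowHttp: true` asserting that the header is absent, which is the other branch the server code guards. The enclosing describe block starts outside the hunk.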