diff --git a/src/server.ts b/src/server.ts
index d3ac4b0..0187abb 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -29,7 +29,9 @@ export default function createServer(opts : Options) : express.Application {
 if (!opts.allowHttp) {
 app.use(helmet.hsts({
- maxAge: 5184000
+ maxAge: 5184000,
+ setIf: () => true,
+ includeSubdomains: false
 }));
 }
diff --git a/tests/server.test.ts b/tests/server.test.ts
index af3f74f..1f63cc6 100644
--- a/tests/server.test.ts
+++ b/tests/server.test.ts
@@ -49,7 +49,8 @@ describe('Server', function () {
 dirList: false,
 serveDir: 'site/',
 opbeat: false,
- open: false
+ open: false,
+ allowHttp: false
 } as Options;
 it('Should have no powered by header', function (done) {
@@ -119,5 +120,13 @@ describe('Server', function () {
 done();
 });
 });
+
+ it('Should have HSTS header', function (done) {
+ runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
+ expect(response.status).to.equal(200);
+ expect(response.headers.get('strict-transport-security')).to.contain('5184000');
+ done();
+ });
+ });
 });
 });
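Review bot: `includeSubdomains: false` deliberately narrows the HSTS policy to the bare host, and together with the 60-day `maxAge` (5184000 s) the policy also stays below the one-year, subdomains-included bar the browser preload list requires; if that is intended the two lines need a why-comment, e.g. `// subdomains are not served by this host; preload is out of scope`, otherwise the stronger form `includeSubDomains: true` is preferable. The option spelling has changed across helmet/hsts releases (`includeSubdomains` vs `includeSubDomains`), so confirm the installed version accepts the lower-case key rather than ignoring it and falling back to its default. `setIf: () => true` makes the header unconditional, including on plain-HTTP responses; user agents discard Strict-Transport-Security received over an insecure transport (RFC 6797), so this is harmless in production and only the test benefits, which a comment such as `// always emit so the header is testable without TLS; browsers ignore it over HTTP` would make clear. createServer continues outside the hunk.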
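Review bot: The assertion `to.contain('5184000')` in the new 'Should have HSTS header' test only checks that the digits appear somewhere in the header and would still pass if a different directive set were emitted; asserting the exact value pins the configured policy, e.g. `expect(response.headers.get('strict-transport-security')).to.equal('max-age=5184000');` (adjust if the installed helmet appends further directives). The callback parameter `response : any` switches off type checking in the test; a small shape such as `{ status: number; headers: { get(name: string): string | null } }` would keep the header lookup checked without changing runServer. A companion test with `allowHttp: true` asserting the header is absent would cover the other branch of the `if (!opts.allowHttp)` guard, which is what actually gates the middleware. The describe block continues outside the hunk.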