This repository has been archived by the owner on May 3, 2024. It is now read-only.

feat: update strict transport security header to 2 years (#1165)
Matthew-Mallimo authored Oct 30, 2023
1 parent ee38a2f commit 6fbca9e
Showing 3 changed files with 10 additions and 10 deletions.
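--- a/__tests__/integration/one-app.spec.js
+++ b/__tests__/integration/one-app.spec.js
@@ -1354,7 +1354,7 @@ describe('Tests that require Docker setup', () => {
 'same-origin',
 ],
 'strict-transport-security': [
-'max-age=15552000; includeSubDomains',
+'max-age=63072000; includeSubDomains',
 ],
 vary: [
 'Accept-Encoding, accept-encoding',
@@ -1408,7 +1408,7 @@ describe('Tests that require Docker setup', () => {
 'same-origin',
 ],
 'strict-transport-security': [
-'max-age=15552000; includeSubDomains',
+'max-age=63072000; includeSubDomains',
 ],
 'x-content-type-options': [
 'nosniff',
@@ -1467,7 +1467,7 @@ describe('Tests that require Docker setup', () => {
 'same-origin',
 ],
 'strict-transport-security': [
-'max-age=15552000; includeSubDomains',
+'max-age=63072000; includeSubDomains',
 ],
 vary: [
 'Accept-Encoding, accept-encoding',
@@ -1525,7 +1525,7 @@ describe('Tests that require Docker setup', () => {
 'same-origin',
 ],
 'strict-transport-security': [
-'max-age=15552000; includeSubDomains',
+'max-age=63072000; includeSubDomains',
 ],
 vary: ['Accept-Encoding'],
 'x-content-type-options': [
@@ -1589,7 +1589,7 @@ describe('Tests that require Docker setup', () => {
 'no-referrer',
 ],
 'strict-transport-security': [
-'max-age=15552000; includeSubDomains',
+'max-age=63072000; includeSubDomains',
 ],
 vary: [
 'Accept-Encoding, accept-encoding',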
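--- a/__tests__/server/plugins/addSecurityHeaders.spec.js
+++ b/__tests__/server/plugins/addSecurityHeaders.spec.js
@@ -42,7 +42,7 @@ describe('addSecurityHeaders', () => {
 expect(done).toHaveBeenCalled();
 expect(reply.header).toHaveBeenCalledTimes(9);
 expect(reply.header).toHaveBeenCalledWith('vary', 'Accept-Encoding');
-expect(reply.header).toHaveBeenCalledWith('Strict-Transport-Security', 'max-age=15552000; includeSubDomains');
+expect(reply.header).toHaveBeenCalledWith('Strict-Transport-Security', 'max-age=63072000; includeSubDomains');
 expect(reply.header).toHaveBeenCalledWith('x-dns-prefetch-control', 'off');
 expect(reply.header).toHaveBeenCalledWith('x-download-options', 'noopen');
 expect(reply.header).toHaveBeenCalledWith('x-permitted-cross-domain-policies', 'none');
@@ -78,7 +78,7 @@ describe('addSecurityHeaders', () => {
 expect(done).toHaveBeenCalled();
 expect(reply.header).toHaveBeenCalledTimes(9);
 expect(reply.header).toHaveBeenCalledWith('vary', 'Accept-Encoding');
-expect(reply.header).toHaveBeenCalledWith('Strict-Transport-Security', 'max-age=15552000; includeSubDomains');
+expect(reply.header).toHaveBeenCalledWith('Strict-Transport-Security', 'max-age=63072000; includeSubDomains');
 expect(reply.header).toHaveBeenCalledWith('x-dns-prefetch-control', 'off');
 expect(reply.header).toHaveBeenCalledWith('x-download-options', 'noopen');
 expect(reply.header).toHaveBeenCalledWith('x-permitted-cross-domain-policies', 'none');
@@ -110,7 +110,7 @@ describe('addSecurityHeaders', () => {
 expect(done).toHaveBeenCalled();
 expect(reply.header).toHaveBeenCalledTimes(9);
 expect(reply.header).toHaveBeenCalledWith('vary', 'Accept-Encoding');
-expect(reply.header).toHaveBeenCalledWith('Strict-Transport-Security', 'max-age=15552000; includeSubDomains');
+expect(reply.header).toHaveBeenCalledWith('Strict-Transport-Security', 'max-age=63072000; includeSubDomains');
 expect(reply.header).toHaveBeenCalledWith('x-dns-prefetch-control', 'off');
 expect(reply.header).toHaveBeenCalledWith('x-download-options', 'noopen');
 expect(reply.header).toHaveBeenCalledWith('x-permitted-cross-domain-policies', 'none');
@@ -143,7 +143,7 @@ describe('addSecurityHeaders', () => {
 expect(done).toHaveBeenCalled();
 expect(reply.header).toHaveBeenCalledTimes(9);
 expect(reply.header).toHaveBeenCalledWith('vary', 'Accept-Encoding');
-expect(reply.header).toHaveBeenCalledWith('Strict-Transport-Security', 'max-age=15552000; includeSubDomains');
+expect(reply.header).toHaveBeenCalledWith('Strict-Transport-Security', 'max-age=63072000; includeSubDomains');
 expect(reply.header).toHaveBeenCalledWith('x-dns-prefetch-control', 'off');
 expect(reply.header).toHaveBeenCalledWith('x-download-options', 'noopen');
 expect(reply.header).toHaveBeenCalledWith('x-permitted-cross-domain-policies', 'none');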
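--- a/src/server/plugins/addSecurityHeaders.js
+++ b/src/server/plugins/addSecurityHeaders.js
@@ -27,7 +27,7 @@ const addSecurityHeaders = (fastify, opts = {}, done) => {
 
 fastify.addHook('onRequest', async (request, reply) => {
 reply.header('vary', 'Accept-Encoding');
-reply.header('Strict-Transport-Security', 'max-age=15552000; includeSubDomains');
+reply.header('Strict-Transport-Security', 'max-age=63072000; includeSubDomains');
 reply.header('x-dns-prefetch-control', 'off');
 reply.header('x-download-options', 'noopen');
 reply.header('x-permitted-cross-domain-policies', 'none');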
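Review bot: The new `max-age=63072000` on the `Strict-Transport-Security` line of the `onRequest` hook is an unexplained literal, and nothing next to it records that it means two years or what that commits operators to. With `includeSubDomains`, a browser that has seen this header refuses plain HTTP for the host and every subdomain for the full two years, and the only rollback is serving `max-age=0` over HTTPS, so deployments should confirm every subdomain is HTTPS-capable before taking this release. I would name the value and build the header from it, e.g. `const HSTS_MAX_AGE_SECONDS = 63072000; // 2 years; includeSubDomains extends this to every subdomain`. The hunk shows no `preload` directive, so if the increase was meant to satisfy preload-list requirements (an assumption; the commit does not say) that part is still missing. The body of `addSecurityHeaders` starts and ends outside the hunk.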
