Strict-Transport-Security: increase max-age to 1 year
See [#457] and [#459].

[#457]: #457
[#459]: #459
sohrb authored and EvanHahn committed Apr 27, 2024
1 parent 394ba47 commit e0d451b
Showing 3 changed files with 7 additions and 7 deletions.
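--- a/middlewares/strict-transport-security/index.ts
+++ b/middlewares/strict-transport-security/index.ts
@@ -1,6 +1,6 @@
 import type { IncomingMessage, ServerResponse } from "http";
 
-const DEFAULT_MAX_AGE = 180 * 24 * 60 * 60;
+const DEFAULT_MAX_AGE = 365 * 24 * 60 * 60;
 
 export interface StrictTransportSecurityOptions {
 maxAge?: number;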
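Review bot: `DEFAULT_MAX_AGE` carries no comment giving its unit or the consequence of the value, and this line doubles how long a browser that has seen the header refuses plain HTTP for the host. The expected header in test/index.test.ts shows the default also includes `includeSubDomains`, so the one-year pin covers every subdomain; an application that picks up this default and later cannot serve valid HTTPS somewhere stays unreachable for returning clients until the policy expires or is reset with `max-age=0` over HTTPS. I would add `// 365 days, in seconds. Browsers cache this policy, so lowering it later only reaches clients that revisit over HTTPS.` above the constant. No changelog entry is visible among the three changed files; since this changes the header sent by default, it seems worth one. The `StrictTransportSecurityOptions` interface continues beyond the hunk.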
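--- a/test/index.test.ts
+++ b/test/index.test.ts
@@ -35,7 +35,7 @@ describe("helmet", () => {
 "cross-origin-resource-policy": "same-origin",
 "origin-agent-cluster": "?1",
 "referrer-policy": "no-referrer",
-"strict-transport-security": "max-age=15552000; includeSubDomains",
+"strict-transport-security": "max-age=31536000; includeSubDomains",
 "x-content-type-options": "nosniff",
 "x-dns-prefetch-control": "off",
 "x-download-options": "noopen",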
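--- a/test/strict-transport-security.test.ts
+++ b/test/strict-transport-security.test.ts
@@ -3,10 +3,10 @@ import strictTransportSecurity from "../middlewares/strict-transport-security";
 
 describe("Strict-Transport-Security middleware", () => {
 it('by default, sets max-age to 180 days and adds "includeSubDomains"', async () => {
-expect(15552000).toStrictEqual(180 * 24 * 60 * 60);
+expect(31536000).toStrictEqual(365 * 24 * 60 * 60);
 
 const expectedHeaders = {
-"strict-transport-security": "max-age=15552000; includeSubDomains",
+"strict-transport-security": "max-age=31536000; includeSubDomains",
 };
 
 await check(strictTransportSecurity(), expectedHeaders);
@@ -45,20 +45,20 @@ describe("Strict-Transport-Security middleware", () => {
 
 it("disables subdomains with the includeSubDomains option", async () => {
 await check(strictTransportSecurity({ includeSubDomains: false }), {
-"strict-transport-security": "max-age=15552000",
+"strict-transport-security": "max-age=31536000",
 });
 });
 
 it("can enable preloading", async () => {
 await check(strictTransportSecurity({ preload: true }), {
 "strict-transport-security":
-"max-age=15552000; includeSubDomains; preload",
+"max-age=31536000; includeSubDomains; preload",
 });
 });
 
 it("can explicitly disable preloading", async () => {
 await check(strictTransportSecurity({ preload: false }), {
-"strict-transport-security": "max-age=15552000; includeSubDomains",
+"strict-transport-security": "max-age=31536000; includeSubDomains",
 });
 });
 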
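Review bot: The first test's title still reads `sets max-age to 180 days` although its assertions now expect 31536000 seconds (365 days), so a failure report for this case would name the wrong default. Rename it to `it('by default, sets max-age to 365 days and adds "includeSubDomains"', async () => {`. The `describe` block opens in the first hunk and continues past the end of the second, so other titles outside the visible lines may need the same check.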
