Enable HTTP Strict-Transport-Security

Thibaut Courouble 2018-11-25 12:29:56 -05:00
parent 17cddbccaf
commit 817dac1c48
2 changed files with 6 additions and 1 deletions


@ -12,7 +12,7 @@ class App < Sinatra::Application
Rack::Mime::MIME_TYPES['.webapp'] = 'application/x-web-app-manifest+json'
configure do
use Rack::SslEnforcer, only_environments: ['production', 'test'], hsts: false, force_secure_cookies: false
use Rack::SslEnforcer, only_environments: ['production', 'test'], hsts: true, force_secure_cookies: false
set :sentry_dsn, ENV['SENTRY_DSN']
set :protection, except: [:frame_options, :xss_header]
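Review bot: The new `use Rack::SslEnforcer` line switches HSTS on with the middleware's defaults, so the policy actually sent — a one-year max-age with includeSubDomains, which is what the new AppTest spec asserts — is not visible at this call site, and includeSubDomains means every subdomain of the host must already be served over HTTPS before browsers cache that header for a year. Spelling the options out makes the commitment reviewable: `use Rack::SslEnforcer, only_environments: ['production', 'test'], hsts: { expires: 31536000, subdomains: true }, force_secure_cookies: false`, ideally with a one-line comment above it such as `# HSTS: one year, includeSubDomains — all subdomains must stay HTTPS-only`. The same line keeps `force_secure_cookies: false`, which is presumably deliberate but now sits next to a strict transport policy and would benefit from a short comment saying why cookies are not forced secure. The `configure do` block and the enclosing App class continue outside this hunk.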


@ -21,6 +21,11 @@ class AppTest < MiniTest::Spec
assert_equal 'https://example.com/test?q=1', last_response['Location']
end
it 'returns HSTS header' do
get 'https://example.com/test'
assert_equal 'max-age=31536000; includeSubDomains', last_response['Strict-Transport-Security']
end
describe "/" do
it "works" do
get '/'