yasts

yasts

Yet Another STS Middleware

Compatibility

Express 4

Usage

var express = require('express');
var sts = require('yasts');


var app = express();
app.use(sts(3, 'months'));

// Add other routes and initialize express app

Other valid arguments

The STS duration is parsed as a Moment.js Duration under the hood so any valid syntax will work.

An optional final boolean argument may be given to toggle the includeSubdomains flag in the header.

All of the below are valid

var sts = require('yasts');

// Will add Strict-Transport-Security: max-age=7862400000; includeSubDomains
app.use(sts(3, 'months', true));

// Will add Strict-Transport-Security: max-age=5000; includeSubDomains
app.use(sts(5000, true));

// Will add Strict-Transport-Security: max-age=604800000
app.use(sts(7, 'days'));

// Will add Strict-Transport-Security: max-age=31536000000
app.use(sts({years: 1}));

Why another STS Middleware?

I only found two of them and neither was up-to-date with Express 4

Why the dependency on Moment.js?

Because it's conventient for calculating durations and someone else keeps it up-to-date

LICENSE

Copyright 2015 Issac Goldstand

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.