Skip to content
Browse files

Initial version.

  • Loading branch information...
0 parents commit c4b7b4056c815b524e49e7f88520bb3d7b1ba9e6 @francois2metz francois2metz committed
Showing with 71 additions and 0 deletions.
  1. +23 −0 LICENSE
  2. +19 −0 README.md
  3. +21 −0 lib/index.js
  4. +8 −0 package.json
23 LICENSE
@@ -0,0 +1,23 @@
+Copyright (c) 2011, François de Metz
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
19 README.md
@@ -0,0 +1,19 @@
+# connect-sts (Strict Transport Security)
+
+This middleware add *Strict-Transport-Security* header.
+
+## Usage
+
+ var connect = require('connect');
+ var sts = require('connect-sts');
+ var server = connect.createServer(sts(max_age, includeSubdomains);
+ server.listen(3030);
+
+## Reference
+
+* http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
+* http://en.wikipedia.org/wiki/Strict_Transport_Security
+
+## License
+
+BSD
21 lib/index.js
@@ -0,0 +1,21 @@
+/**
+ * Middleware to add Strict-Transport-Security header
+ * http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
+ *
+ * Arguments:
+ * - maxAge: int, the time in seconds the browser should remember the directive.
+ * - includeSubdomains: bool, set to true to set includeSubdomains directive.
+ *
+ */
+exports.strictTransportSecurity = function(maxAge, includeSubdomains) {
+ return function(req, res, next) {
+ var originalWriteHead = res.writeHead;
+ res.writeHead = function(status, headers) {
+ headers = headers || {};
+ headers['Strict-Transport-Security'] = "max-age=" + maxAge +
+ (includeSubdomains ? "; includeSubDomains" : "");
+ originalWriteHead.call(res, status, headers);
+ };
+ next();
+ }
+};
8 package.json
@@ -0,0 +1,8 @@
+{
+ "name": "connect-sts",
+ "description": "Add ",
+ "version": "0.1.0",
+ "author": "Francois de Metz <fdemetz@af83.com>",
+ "engines": { "node": ">= 0.2" },
+ "dependencies": { "connect": "" }
+}

0 comments on commit c4b7b40

Please sign in to comment.
Something went wrong with that request. Please try again.