HTTP Strict Transport Security
Strict Transport Security (STS, usually called HSTS) is an opt-in security enhancement that forces browsers to use HTTPS instead of HTTP. The server sends a Strict-Transport-Security response header, and a browser that has received it over HTTPS will rewrite any plain http:// request to that host into https:// for the stated max-age, and will refuse to let the user click through certificate errors for it. Browsers ignore the header when it arrives over plain HTTP, so the site must already be served over TLS for the policy to take effect.
Enabling STS
Implementing STS only takes a few lines of code, but several open-source modules already bring support for this feature to Express and Sails. To use one of these modules, install it from npm as shown below, then open config/http.js
in your project and configure it as a custom middleware. The example below covers basic usage and configuration. For advanced usage details, follow the link to the module's own docs.
Using lusca
lusca is open-source under the Apache license.
# In your sails app
npm install lusca --save
Then in the middleware config object in config/http.js:
// ...
// maxAge ==> Number of seconds strict transport security will stay in effect.
// Add includeSubDomains: true once every subdomain is also served over HTTPS.
strictTransportSecurity: require('lusca').hsts({ maxAge: 31536000 }),
// The key must also be listed in the `order` array of this same middleware
// object; Sails only runs custom middleware that appears there.
// ...
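To make clear what a module like lusca does when it is wired in as middleware, here is an added example of an HSTS middleware in the Express/Sails (req, res, next) shape, together with a small parser you can use to check the header a deployment actually emits. This is not lusca's code and not part of the Sails docs; the option names (maxAge, includeSubDomains, preload) mirror the header directives, and the X-Forwarded-Proto handling assumes a trusted reverse proxy that terminates TLS in front of the app. The simulate() helper and its request objects are constructed stand-ins so the example runs without a server.

```javascript
// Added example: a minimal HSTS middleware plus a header checker.
// Not lusca's implementation; lusca.hsts() emits the same header.

const ONE_YEAR = 31536000; // seconds; the value used in the lusca config above

// Build the header value. RFC 6797 format:
//   max-age=<seconds>[; includeSubDomains][; preload]
function hstsHeaderValue(opts = {}) {
  const maxAge = Number.isInteger(opts.maxAge) ? opts.maxAge : ONE_YEAR;
  if (maxAge < 0) throw new RangeError('maxAge must be a non-negative integer');
  let value = `max-age=${maxAge}`;
  if (opts.includeSubDomains) value += '; includeSubDomains';
  if (opts.preload) value += '; preload';
  return value;
}

// Was the request received over TLS? Behind a proxy that terminates TLS,
// Express only sets req.secure when 'trust proxy' is on, so also honour
// X-Forwarded-Proto (assumption: the proxy is trusted to set it).
function isSecureRequest(req) {
  if (req.secure) return true;
  const proto = (req.headers && req.headers['x-forwarded-proto']) || '';
  return proto.split(',')[0].trim().toLowerCase() === 'https';
}

// Middleware factory. Browsers ignore HSTS on plain HTTP responses, so the
// header is only added when the request itself came in over HTTPS.
function hsts(opts = {}) {
  const value = hstsHeaderValue(opts);
  return function hstsMiddleware(req, res, next) {
    if (isSecureRequest(req)) {
      res.setHeader('Strict-Transport-Security', value);
    }
    next();
  };
}

// Parse a Strict-Transport-Security header back into its directives, as a
// deployment check would. Returns null when the mandatory max-age is missing.
function parseHsts(header) {
  if (typeof header !== 'string' || header === '') return null;
  const result = { maxAge: null, includeSubDomains: false, preload: false };
  for (const part of header.split(';')) {
    const token = part.trim();
    const m = /^max-age=(\d+)$/i.exec(token);
    if (m) result.maxAge = parseInt(m[1], 10);
    else if (/^includeSubDomains$/i.test(token)) result.includeSubDomains = true;
    else if (/^preload$/i.test(token)) result.preload = true;
  }
  return result.maxAge === null ? null : result;
}

// Constructed request/response stand-ins so the middleware can be exercised
// offline. Returns whether next() ran and which HSTS header (if any) was set.
function simulate(reqProps, opts) {
  const req = { secure: false, headers: {}, ...reqProps };
  const headers = {};
  const res = { setHeader: (k, v) => { headers[k.toLowerCase()] = v; } };
  let nextCalled = false;
  hsts(opts)(req, res, () => { nextCalled = true; });
  return { nextCalled, header: headers['strict-transport-security'] || null };
}

// Usage: a plain-HTTP request gets no header, a TLS request gets the policy.
console.log(simulate({ secure: false }, { maxAge: ONE_YEAR }).header);
console.log(simulate({ secure: true }, { maxAge: ONE_YEAR, includeSubDomains: true }).header);
```

When rolling out, start with a short maxAge and without includeSubDomains, confirm with parseHsts() (or curl -I) that every host in scope serves the header over HTTPS, then raise the value; a one-year policy with includeSubDomains on a host that still has an HTTP-only subdomain locks users out of it until the policy expires.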