2.4 KiB
2.4 KiB
id | title | challengeType | forumTopicId |
---|---|---|---|
587d8248367417b2b2512c3c | Ask Browsers to Access Your Site via HTTPS Only with helmet.hsts() | 2 | 301573 |
Description
Instructions
helmet.hsts()
to use HTTPS for the next 90 days. Pass the config object {maxAge: timeInSeconds, force: true}
. Glitch already has hsts enabled. To override its settings you need to set the field "force" to true in the config object. We will intercept and restore the Glitch header, after inspecting it for testing.
Note: Configuring HTTPS on a custom website requires the acquisition of a domain, and a SSL/TSL Certificate.
Tests
tests:
- text: helmet.hsts() middleware should be mounted correctly
testString: getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.include(data.appStack, 'hsts'); assert.property(data.headers, 'strict-transport-security'); }, xhr => { throw new Error(xhr.responseText); })
- text: maxAge should be equal to 7776000 s (90 days)
testString: getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.match(data.headers['strict-transport-security'], /^max-age=7776000;?/); }, xhr => { throw new Error(xhr.responseText); })
Challenge Seed
Solution
/**
Backend challenges don't need solutions,
because they would need to be tested against a full working project.
Please check our contributing guidelines to learn more.
*/