2.1 KiB
2.1 KiB
id | title | challengeType |
---|---|---|
587d8248367417b2b2512c3c | Ask Browsers to Access Your Site via HTTPS Only with helmet.hsts() | 2 |
Description
Instructions
Tests
tests:
- text: helmet.hsts() middleware should be mounted correctly
testString: getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.include(data.appStack, 'hsts'); assert.property(data.headers, 'strict-transport-security'); }, xhr => { throw new Error(xhr.responseText); })
- text: maxAge should be equal to 7776000 ms (90 days)
testString: getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.match(data.headers['strict-transport-security'], /^max-age=777600000;?/); }, xhr => { throw new Error(xhr.responseText); })
Challenge Seed
Solution
// solution required