2.4 KiB
2.4 KiB
id | challengeType | forumTopicId | title |
---|---|---|---|
587d8248367417b2b2512c3c | 2 | 301573 | 要求浏览器通过HTTPS访问您的站点仅限于使用helmet.hsts() |
Description
Instructions
helmet.hsts()
,网站会在未来的90天内使用 HTTPS。我们还可以传入配置对象 {maxAge: timeInSeconds, force: true}
。Repl.it 默认已经开启 hsts,但你仍然可以通过添加 {force: true}
来覆盖它。我们会拦截 Glitch 请求的 header 来进行此挑战的测试,然后恢复此项配置。
注意: 配置 HTTPS 需要域名以及 SSL/TSL 证书。
Tests
tests:
- text: 应正确加载 helmet.hsts() 中间件
testString: getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.include(data.appStack, 'hsts'); assert.property(data.headers, 'strict-transport-security'); }, xhr => { throw new Error(xhr.responseText); })
- text: 应将 maxAge 设置为 7776000 ms(90 天)
testString: getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.match(data.headers['strict-transport-security'], /^max-age=7776000;?/); }, xhr => { throw new Error(xhr.responseText); })
Challenge Seed
Solution
/**
Backend challenges don't need solutions,
because they would need to be tested against a full working project.
Please check our contributing guidelines to learn more.
*/