github/TREK
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: disable Helmet HSTS when FORCE_HTTPS is not set — fixes #58 #59

Browse Source
This commit is contained in:
Maurice
2026-03-28 21:35:23 +01:00
parent a3b6a89471
commit 48e1b732d8
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
server/src/index.ts
View File

@@ -63,6 +63,7 @@ app.use(helmet({
}
},
crossOriginEmbedderPolicy: false,
hsts: process.env.FORCE_HTTPS === 'true' ? { maxAge: 31536000, includeSubDomains: false } : false,
}));
// Redirect HTTP to HTTPS (opt-in via FORCE_HTTPS=true)
if (process.env.FORCE_HTTPS === 'true') {