strict Transport Security (STS) is an opt-in security enhancement that forces usage of HTTPS instead of HTTP (in modern browsers, at least).
trict Transport Security (STS) is an opt-in security enhancement that forces usage of HTTPS instead of HTTP (in modern browsers, at least).
lusca is open-source under the Apache license
npm install lusca --save
Then in the middleware config object in config/http.js:
// ...
// maxAge ==> Number of seconds strict transport security will stay in effect.
strictTransportSecurity: require('lusca').hsts({ maxAge: 31536000 })
// ...
References:
https://sailsjs.com/documentation/concepts/security/strict-transport-security
No comments:
Post a Comment