HTTP Strict Transport Security
Strict Transport Security (STS) is an opt-in security enhancement that forces usage of HTTPS instead of HTTP (in modern browsers, anyway.)
Enabling STS
Implementing STS is actually very simple and only takes a few lines of code. But better yet, a few different open-source modules exist that bring support for this feature to Express and Sails. To use one of these modules, install it from npm using the directions below, then open config/http.js in your project and configure it as a custom middleware. The example(s) below cover basic usage and configuration. For more guidance and advanced usage details, be sure and follow the link to the docs.
Using lusca
luscais open-source under the Apache license
# In your sails app
npm install lusca --save
Then in the middleware config object in config/http.js:
// ...
// maxAge ==> Number of seconds strict transport security will stay in effect.
strictTransportSecurity: require('lusca').hsts({ maxAge: 31536000 })
// ...
Additional Resources
For a better experience on sailsjs.com, update your browser.
Built with Love
The Sails framework is maintained by a web & mobile studio in Austin, TX, with the help of our contributors. We created Sails in 2012 to assist us on Node.js projects. Naturally we open-sourced it. We hope it makes your life a little bit easier!
© 2012-2018 The Sails Company.
The Sails framework is free and open-source under the MIT License.