HSTS

Co-Authored-By: tamaina <tamaina@hotmail.co.jp>

src/server/index.ts

@@ -41,6 +41,17 @@ app.use((req, res, next) => {
 	next();
 });
 
+/**
+ * HSTS
+ * 6month(15552000sec)
+ */
+if (config.url.startsWith('https')) {
+	app.use((req, res, next) => {
+		res.header('strict-transport-security', 'max-age=15552000; preload');
+		next();
+	});
+}
+
 // Drop request when without 'Host' header
 app.use((req, res, next) => {
 	if (!req.headers['host']) {