fixed expect-ct

92fd4c89 · Sigmund, Dominik · Sigmund, Dominik · f95accdb · 92fd4c89 · 92fd4c89
Commit 92fd4c89 authored 4 years ago by Sigmund, Dominik Committed by Sigmund, Dominik 1 year ago
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,6 @@ coverage/
 stryker.log
 *.DS_Store
 # stryker temp files
 .stryker-tmp
\ No newline at end of file
+examples/default/private.key
+examples/default/certificate.crt
\ No newline at end of file
--- a/docs/test-report.html
+++ b/docs/test-report.html
--- a/examples/default/index.js
+++ b/examples/default/index.js
 const express = require('express')
+const fs = require('fs')
+const http = require('http')
+const https = require('https')
 const security = require('../../index')
 const app = express()
 app.use(security())
@@ -9,6 +14,23 @@ app.get('/', function (req, res) {
  res.send('Hello World!')
 })
-app.listen(3000, function () {
+try {
-  console.log('Secure Example app listening on port 3000!')
+  fs.accessSync(__dirname + '/private.key')
-})
+  var privateKey  = fs.readFileSync(__dirname + '/private.key', 'utf8')
\ No newline at end of file
+  var certificate = fs.readFileSync(__dirname + '/certificate.crt', 'utf8')
+  var credentials = {key: privateKey, cert: certificate}
+  var httpsServer = https.createServer(credentials, app)
+  httpsServer.listen(8443, () => {
+    console.log('Secure Example app listening on port 8443 via HTTPS!')
+  })
+} catch (error) {
+  console.log('HTTPS-Server not running')
+}
+var httpServer = http.createServer(app)
+httpServer.listen(8080, () => {
+  console.log('Secure Example app listening on port 8080 via HTTP!')
+})
--- a/index.js
+++ b/index.js
@@ -46,7 +46,7 @@ module.exports = function(options) {
    }
    if (typeof options.ExpectCT === 'undefined') {
-      options.ExpectCT = 'report-uri="/_report", enforce, max-age=30'
+      options.ExpectCT = 'enforce; max-age=30; report-uri="/_report"'
    }
    if (options.ExpectCT !== false) {
      res.set('Expect-CT', options.ExpectCT)

--- a/index.test.js
+++ b/index.test.js
@@ -57,7 +57,7 @@ describe('Unit Tests', () => {
  headerUnitTest('Content-Security-Policy', 'ContentSecurityPolicy', 'default-src \'self\'; frame-ancestors \'none\'')
  headerUnitTest('X-XSS-Protection', 'XXSSProtection', '1; mode=block')
  headerUnitTest('X-DNS-Prefetch-Control', 'XDNSPrefetchControl', 'off')
-  headerUnitTest('Expect-CT', 'ExpectCT', 'report-uri="/_report", enforce, max-age=30')
+  headerUnitTest('Expect-CT', 'ExpectCT', 'enforce; max-age=30; report-uri="/_report"')
  headerUnitTest('X-Frame-Options', 'XFrameOptions', 'deny')
  describe('Header: X-Powered-By', () => {
    it('should remove Header if not defined', (done) => {
@@ -152,7 +152,7 @@ describe('Integration Tests', () => {
  headerIntegrationTest('Content-Security-Policy', 'ContentSecurityPolicy', 'default-src \'self\'; frame-ancestors \'none\'')
  headerIntegrationTest('X-XSS-Protection', 'XXSSProtection', '1; mode=block')
  headerIntegrationTest('X-DNS-Prefetch-Control', 'XDNSPrefetchControl', 'off')
-  headerIntegrationTest('Expect-CT', 'ExpectCT', 'report-uri="/_report", enforce, max-age=30')
+  headerIntegrationTest('Expect-CT', 'ExpectCT', 'enforce; max-age=30; report-uri="/_report"')
  headerIntegrationTest('X-Frame-Options', 'XFrameOptions', 'deny')
  describe('Header: X-Powered-By', () => {
    it('should remove Header if not defined', (done) => {