From 3de6e4843d913d63b2c3b6ca537cbb7a4457e099 Mon Sep 17 00:00:00 2001
From: AJ ONeal <awesome@coolaj86.com>
Date: Fri, 25 Sep 2015 08:06:47 +0000
Subject: [PATCH] add HSTS header

---
 lib/insecure-server.js  | 2 ++
 lib/vhost-sni-server.js | 1 +
 2 files changed, 3 insertions(+)

diff --git a/lib/insecure-server.js b/lib/insecure-server.js
index 251673b..93a6f40 100644
--- a/lib/insecure-server.js
+++ b/lib/insecure-server.js
@@ -6,6 +6,8 @@ module.exports.create = function (securePort, insecurePort, redirects) {
   var escapeRe;
 
   function redirectHttps(req, res) {
+    res.setHeader('Strict-Transport-Security', 'max-age=10886400; includeSubDomains; preload');
+
     var insecureRedirects;
     var host = req.headers.host || '';
     var url = req.url;
diff --git a/lib/vhost-sni-server.js b/lib/vhost-sni-server.js
index 3f7301a..74a4bfd 100644
--- a/lib/vhost-sni-server.js
+++ b/lib/vhost-sni-server.js
@@ -132,6 +132,7 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
 
         console.log('[log] [once] Preparing mount for', domaininfo.hostname + '/' + domaininfo.dirpathname);
         domainMergeMap[domaininfo.hostname].mountsMap['/' + domaininfo.dirpathname] = function (req, res, next) {
+          res.setHeader('Strict-Transport-Security', 'max-age=10886400; includeSubDomains; preload');
           function loadThatApp() {
             var time = Date.now();