let hsts use settings from cdap config

add hsts settings to cdap.json add root flag nit change max age fix type
cdapio · Aug 7, 2023 · cbaef7b · cbaef7b
1 parent 66fae23
commit cbaef7b
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 5 deletions.
diff --git a/server/config/development/cdap.json b/server/config/development/cdap.json
@@ -16,5 +16,9 @@
   "session.secret.key": "sample-secret-key-for-encryption",
   "feature.lifecycle.management.edit.enabled": "true",
   "ui.analyticsTag": "",
-  "ui.GTM": ""
+  "ui.GTM": "",
+  "hsts.enabled": "false",
+  "hsts.max.age": 31536000,
+  "hsts.include.sub.domains": "true",
+  "hsts.preload": "true"
 }
diff --git a/server/express.js b/server/express.js
@@ -136,6 +136,11 @@ function makeApp(authAddress, cdapConfig, uiSettings) {
 
   if (!isModeDevelopment()) {
     const proxyBaseUrl = cdapConfig['dashboard.proxy.base.url'];
+    const hstsSettings = {
+       maxAge: parseInt(cdapConfig["hsts.max.age"]),
+       includeSubDomains: cdapConfig["hsts.include.sub.domains"] === 'true',
+       preload: cdapConfig["hsts.preload"] === 'true',
+    }
     let cspWhiteListUrls = [];
     if (proxyBaseUrl) {
       cspWhiteListUrls.push(proxyBaseUrl);
@@ -181,10 +186,7 @@ function makeApp(authAddress, cdapConfig, uiSettings) {
             reportUri: `https://csp.withgoogle.com/csp/cdap`,
           },
         },
-        hsts: {
-          includeSubDomains: true,
-          preload: true,
-        },
+        hsts: cdapConfig["hsts.enabled"] === 'true' && hstsSettings,
         // Hub icons are cross-origin but don't supply CORS headers
         // TODO credentialless will also work but isn't supported by FF and Safari
         crossOriginEmbedderPolicy: false
@@ -239,6 +241,10 @@ function makeApp(authAddress, cdapConfig, uiSettings) {
         ui: uiSettings['ui'],
         k8sWorkloadIdentityEnabled: cdapConfig['master.environment.k8s.workload.identity.enabled'],
         namespaceCreationHookEnabled: cdapConfig['namespaces.creation.hook.enabled'],
+        hstsEnabled: cdapConfig['hsts.enabled'],
+        hstsMaxAge: cdapConfig['hsts.max.age'],
+        hstsIncludeSubDomains: cdapConfig['hsts.include.sub.domains'],
+        hstsPreload: cdapConfig['hsts.preload'],
       },
       hydrator: {
         previewEnabled: cdapConfig['enable.preview'] === 'true',