added configuration over https / http

2025-11-01 17:54:12 +01:00
parent 52f559199d
commit 7a87c49703
5 changed files with 109 additions and 25 deletions


@@ -113,6 +113,21 @@ const configureTrustProxy = (): string | string[] | boolean | number => {
app.set('trust proxy', configureTrustProxy());
app.use((req, res, next) => {
const protocol = req.headers['x-forwarded-proto'] || req.protocol;
const isHttps = protocol === 'https';
// Add security warning for HTTP requests
if (!isHttps && process.env.NODE_ENV === 'production') {
res.setHeader('X-Security-Warning', 'This application is being accessed over HTTP. For secure communication, please use HTTPS.');
// Log HTTP access in production
console.warn(`⚠️ HTTP access detected: ${req.method} ${req.path} from ${req.ip}`);
}
next();
});
// Security headers
app.use(helmet({
contentSecurityPolicy: {
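Review bot: The new middleware reads `req.headers['x-forwarded-proto']` directly, which bypasses the `trust proxy` setting applied on the line just above it. Any client that reaches the app without passing through a trusted proxy can send `X-Forwarded-Proto: https` and suppress both the warning header and the log line. The raw header can also be a comma-separated list or a `string[]`, in which case the `=== 'https'` comparison fails even for a genuine HTTPS request. Express already resolves the forwarded protocol according to `trust proxy`, so `const isHttps = req.secure;` (or `req.protocol === 'https'`) would be the safer check. Separately, consider whether the `console.warn` line should log `req.path` and `req.ip` on every plain-HTTP request in production, since request volume then drives log volume.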
@@ -126,6 +141,7 @@ app.use(helmet({
objectSrc: ["'none'"],
mediaSrc: ["'self'"],
frameSrc: ["'none'"],
upgradeInsecureRequests: process.env.FORCE_HTTPS === 'true' ? [] : null
},
},
hsts: {