6b3c61c737
* feat: update backend project links Replace solution and remix Glitch links with equivalent Repl.it links in backend projects/challenges and intro pages. * fix: link and Repl.it casing * fix: update mention of glitch in testing challenge * Apply suggestions from code review Co-authored-by: Oliver Eyton-Williams <ojeytonwilliams@gmail.com> Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com> Co-authored-by: Oliver Eyton-Williams <ojeytonwilliams@gmail.com>
2.3 KiB
2.3 KiB
id, title, challengeType, isHidden, forumTopicId
| id | title | challengeType | isHidden | forumTopicId |
|---|---|---|---|---|
| 587d8248367417b2b2512c3c | Ask Browsers to Access Your Site via HTTPS Only with helmet.hsts() | 2 | false | 301573 |
Description
Instructions
helmet.hsts() to use HTTPS for the next 90 days. Pass the config object {maxAge: timeInSeconds, force: true}. Repl.it already has hsts enabled. To override its settings you need to set the field "force" to true in the config object. We will intercept and restore the Repl.it header, after inspecting it for testing.
Note: Configuring HTTPS on a custom website requires the acquisition of a domain, and a SSL/TSL Certificate.
Tests
tests:
- text: helmet.hsts() middleware should be mounted correctly
testString: getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.include(data.appStack, 'hsts'); assert.property(data.headers, 'strict-transport-security'); }, xhr => { throw new Error(xhr.responseText); })
- text: maxAge should be equal to 7776000 s (90 days)
testString: getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.match(data.headers['strict-transport-security'], /^max-age=7776000;?/); }, xhr => { throw new Error(xhr.responseText); })
Challenge Seed
Solution
/**
Backend challenges don't need solutions,
because they would need to be tested against a full working project.
Please check our contributing guidelines to learn more.
*/