refactor: remove HstsConfig

This config object was originally ported from the HD1 config, but is not required anymore. HD2 does not support handling TLS anymore, so it does not make sense for it to set TLS-related headers. The reverse proxy terminating TLS can easily set HSTS headers. Signed-off-by: David Mehren <git@herrmehren.de>
2024-11-21 09:16:30 -05:00 · 2023-10-07 10:46:16 +02:00 · 2023-10-07 10:46:16 +02:00 · 0693812e8b
commit 0693812e8b
parent bf3e7e1f44
3 changed files with 0 additions and 57 deletions
--- a/backend/src/app.module.ts
+++ b/backend/src/app.module.ts
@ -20,7 +20,6 @@ import cspConfig from './config/csp.config';
 import customizationConfig from './config/customization.config';
 import databaseConfig, { DatabaseConfig } from './config/database.config';
 import externalConfig from './config/external-services.config';
-import hstsConfig from './config/hsts.config';
 import mediaConfig from './config/media.config';
 import noteConfig from './config/note.config';
 import { eventModuleConfig } from './events';
@ -80,7 +79,6 @@ const routes: Routes = [
        appConfig,
        noteConfig,
        mediaConfig,
-        hstsConfig,
        cspConfig,
        databaseConfig,
        authConfig,
--- a/backend/src/config/hsts.config.ts
+++ b/backend/src/config/hsts.config.ts
@ -1,51 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
- *
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-import { registerAs } from '@nestjs/config';
-import * as Joi from 'joi';
-
-import { buildErrorMessage, parseOptionalNumber } from './utils';
-
-export interface HstsConfig {
-  enable: boolean;
-  maxAgeSeconds: number;
-  includeSubdomains: boolean;
-  preload: boolean;
-}
-
-const hstsSchema = Joi.object({
-  enable: Joi.boolean().default(true).optional().label('HD_HSTS_ENABLE'),
-  maxAgeSeconds: Joi.number()
-    .default(60 * 60 * 24 * 365)
-    .optional()
-    .label('HD_HSTS_MAX_AGE'),
-  includeSubdomains: Joi.boolean()
-    .default(true)
-    .optional()
-    .label('HD_HSTS_INCLUDE_SUBDOMAINS'),
-  preload: Joi.boolean().default(true).optional().label('HD_HSTS_PRELOAD'),
-});
-
-export default registerAs('hstsConfig', () => {
-  const hstsConfig = hstsSchema.validate(
-    {
-      enable: process.env.HD_HSTS_ENABLE,
-      maxAgeSeconds: parseOptionalNumber(process.env.HD_HSTS_MAX_AGE),
-      includeSubdomains: process.env.HD_HSTS_INCLUDE_SUBDOMAINS,
-      preload: process.env.HD_HSTS_PRELOAD,
-    },
-    {
-      abortEarly: false,
-      presence: 'required',
-    },
-  );
-  if (hstsConfig.error) {
-    const errorMessages = hstsConfig.error.details.map(
-      (detail) => detail.message,
-    );
-    throw new Error(buildErrorMessage(errorMessages));
-  }
-  return hstsConfig.value as HstsConfig;
-});
--- a/docs/content/concepts/config.md
+++ b/docs/content/concepts/config.md
@ -31,9 +31,6 @@ The config of HedgeDoc is split up into **nine** different modules:
 `external-services.config.ts`
 : Which external services are activated and where can they be called

-`hsts.config.ts`
-: Configuration for [HTTP Strict-Transport-Security][hsts]
-
 `media.config.ts`
 : Where media files are being stored

@ -96,6 +93,5 @@ Some config files also have a `.mock.ts` file which defines the configuration fo
 Those files just contain the default export and return the mock config object.

 [csp]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
-[hsts]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
 [joi]: https://joi.dev/
 [joi-doc]: https://joi.dev/api