diff --git a/backend/src/app.module.ts b/backend/src/app.module.ts index ec5a0d5b3..8035ec71b 100644 --- a/backend/src/app.module.ts +++ b/backend/src/app.module.ts @@ -20,7 +20,6 @@ import cspConfig from './config/csp.config'; import customizationConfig from './config/customization.config'; import databaseConfig, { DatabaseConfig } from './config/database.config'; import externalConfig from './config/external-services.config'; -import hstsConfig from './config/hsts.config'; import mediaConfig from './config/media.config'; import noteConfig from './config/note.config'; import { eventModuleConfig } from './events'; @@ -80,7 +79,6 @@ const routes: Routes = [ appConfig, noteConfig, mediaConfig, - hstsConfig, cspConfig, databaseConfig, authConfig, diff --git a/backend/src/config/hsts.config.ts b/backend/src/config/hsts.config.ts deleted file mode 100644 index 1895000e8..000000000 --- a/backend/src/config/hsts.config.ts +++ /dev/null @@ -1,51 +0,0 @@ -/* - * SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file) - * - * SPDX-License-Identifier: AGPL-3.0-only - */ -import { registerAs } from '@nestjs/config'; -import * as Joi from 'joi'; - -import { buildErrorMessage, parseOptionalNumber } from './utils'; - -export interface HstsConfig { - enable: boolean; - maxAgeSeconds: number; - includeSubdomains: boolean; - preload: boolean; -} - -const hstsSchema = Joi.object({ - enable: Joi.boolean().default(true).optional().label('HD_HSTS_ENABLE'), - maxAgeSeconds: Joi.number() - .default(60 * 60 * 24 * 365) - .optional() - .label('HD_HSTS_MAX_AGE'), - includeSubdomains: Joi.boolean() - .default(true) - .optional() - .label('HD_HSTS_INCLUDE_SUBDOMAINS'), - preload: Joi.boolean().default(true).optional().label('HD_HSTS_PRELOAD'), -}); - -export default registerAs('hstsConfig', () => { - const hstsConfig = hstsSchema.validate( - { - enable: process.env.HD_HSTS_ENABLE, - maxAgeSeconds: parseOptionalNumber(process.env.HD_HSTS_MAX_AGE), - includeSubdomains: process.env.HD_HSTS_INCLUDE_SUBDOMAINS, - preload: process.env.HD_HSTS_PRELOAD, - }, - { - abortEarly: false, - presence: 'required', - }, - ); - if (hstsConfig.error) { - const errorMessages = hstsConfig.error.details.map( - (detail) => detail.message, - ); - throw new Error(buildErrorMessage(errorMessages)); - } - return hstsConfig.value as HstsConfig; -}); diff --git a/docs/content/concepts/config.md b/docs/content/concepts/config.md index 0c699fa70..6af6760ad 100644 --- a/docs/content/concepts/config.md +++ b/docs/content/concepts/config.md @@ -31,9 +31,6 @@ The config of HedgeDoc is split up into **nine** different modules: `external-services.config.ts` : Which external services are activated and where can they be called -`hsts.config.ts` -: Configuration for [HTTP Strict-Transport-Security][hsts] - `media.config.ts` : Where media files are being stored @@ -96,6 +93,5 @@ Some config files also have a `.mock.ts` file which defines the configuration fo Those files just contain the default export and return the mock config object. [csp]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP -[hsts]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security [joi]: https://joi.dev/ [joi-doc]: https://joi.dev/api