From the course: Web Security: Same-Origin Policies
Include subdomains in Strict-Transport-Security - JavaScript Tutorial
- [Instructor] By default, a Strict-Transport-Security header applies only to the origin from which it is applied. However, because some data such as cookies can be accessed and manipulated across subdomains, it's important to apply HSTS to subdomains as well. To do so, you add the includeSubDomains directive in the value for the header. So in my index.js file for the front end, I want to add the includeSubDomains directive. So for my closing quote after the max-age directive, in its value, I'm just going to put a semicolon, and includeSubDomains. This is camel case. And I'm going to save that. I'm going to deploy. Now I'm working with a couple subdomains on Heroku, herokuapp.com, and so I'm not actually going to see any difference in the performance on my site here, because I'm not working with a whole domain, and checking how subdomains respond to that. But what we can do in the browser as we load, and verify that we are getting this new updated header. So I am going to reload…
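The header change described in the transcript, as an added example that is not the course's own code: a Connect-style middleware that sends the header with `includeSubDomains`, and a parser for checking a value copied from the browser's response headers. The function names and the `max-age` value are assumptions made for illustration.

```javascript
// MAX_AGE_SECONDS is a constructed sample value, not taken from the course.
const MAX_AGE_SECONDS = 31536000;

// Build the header value: directives are joined with ';', never ','.
function buildHsts(maxAge, includeSubDomains) {
  const parts = [`max-age=${maxAge}`];
  if (includeSubDomains) parts.push('includeSubDomains');
  return parts.join('; ');
}

// Hypothetical Connect-style middleware: sets the header on every response.
// Browsers only honor it when the response arrives over HTTPS.
function hstsMiddleware(req, res, next) {
  res.setHeader('Strict-Transport-Security', buildHsts(MAX_AGE_SECONDS, true));
  next();
}

// Parse a header value following RFC 6797 section 6.1: directive names are
// case-insensitive, max-age is required, and no directive may appear twice.
function parseHsts(value) {
  const seen = new Map();
  for (const raw of value.split(';')) {
    const part = raw.trim();
    if (part === '') continue; // empty directives are permitted
    const eq = part.indexOf('=');
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    let val = eq === -1 ? null : part.slice(eq + 1).trim();
    if (val !== null && /^".*"$/.test(val)) val = val.slice(1, -1); // quoted form
    if (seen.has(name)) return { valid: false, reason: `duplicate directive: ${name}` };
    seen.set(name, val);
  }
  const maxAge = seen.get('max-age');
  if (maxAge == null || !/^\d+$/.test(maxAge)) {
    return { valid: false, reason: 'max-age missing or not a non-negative integer' };
  }
  if (seen.has('includesubdomains') && seen.get('includesubdomains') !== null) {
    return { valid: false, reason: 'includeSubDomains takes no value' };
  }
  return {
    valid: true,
    maxAge: Number(maxAge),
    includeSubDomains: seen.has('includesubdomains'),
  };
}
```

A value that uses a comma instead of a semicolon fails the `max-age` check, so `parseHsts` reports it as invalid rather than silently dropping the subdomain coverage.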