Drop support for Node <8; change maxAge: null behavior; remove deprec…

…ated options

Closes #21.
Closes #22.
Closes #26.

CHANGELOG.md

@@ -4,6 +4,12 @@
 ### Added
 * TypeScript type definitions. See [#25](https://github.com/helmetjs/hsts/pull/25)
 
+### Changed
+* Dropped support for Node <8
+* `maxAge` must now be a number if supplied; `undefined` and `null` are no longer allowed
+* Removed deprecated `setIf` option. See [#22](https://github.com/helmetjs/hsts/issues/22)
+* Removed deprecated `includeSubdomains` option; use `includeSubDomains` instead. See [#21](https://github.com/helmetjs/hsts/issues/21)
+
 ## 2.2.0 - 2019-03-10
 ### Added
 * Created a changelog

README.md

@@ -15,7 +15,7 @@ app.use(hsts({
 // Strict-Transport-Security: max-age: 15552000; includeSubDomains
 ```
 
-Note that the max age must be in seconds. *This was different in previous versions of this module!*
+Note that the max age must be in seconds.
 
 The `includeSubDomains` directive is present by default. If this header is set on *example.com*, supported browsers will also use HTTPS on *my-subdomain.example.com*. You can disable this:
 

index.ts

@@ -1,69 +1,41 @@
 import { IncomingMessage, ServerResponse } from 'http';
-import depd from 'depd';
-
-const deprecate = depd('hsts');
-
-const DEFAULT_MAX_AGE = 180 * 24 * 60 * 60;
 
 interface HstsOptions {
   includeSubDomains?: boolean;
   maxAge?: number | null;
   preload?: boolean;
-  setIf?: (req: IncomingMessage, res: ServerResponse) => boolean;
 }
 
-function alwaysTrue () {
-  return true;
-}
+function getHeaderValueFromOptions(options: HstsOptions): string {
+  const DEFAULT_MAX_AGE = 180 * 24 * 60 * 60;
 
-export = function hsts (options: HstsOptions = {}) {
-  if ('includeSubdomains' in options) {
-    deprecate('The "includeSubdomains" parameter is deprecated. Use "includeSubDomains" (with a capital D) instead.');
-  }
-
-  if ('setIf' in options) {
-    deprecate('The "setIf" parameter is deprecated. Refer to the documentation to see how to set the header conditionally.');
-  }
-
-  if (Object.prototype.hasOwnProperty.call(options, 'maxage')) {
+  if ('maxage' in options) {
     throw new Error('maxage is not a supported property. Did you mean to pass "maxAge" instead of "maxage"?');
   }
 
-  const maxAge = options.maxAge !== null && options.maxAge !== undefined ? options.maxAge : DEFAULT_MAX_AGE;
+  const maxAge = 'maxAge' in options ? options.maxAge : DEFAULT_MAX_AGE;
   if (typeof maxAge !== 'number') {
     throw new TypeError('HSTS must be passed a numeric maxAge parameter.');
-  }
-  if (maxAge < 0) {
+  } else if (maxAge < 0) {
     throw new RangeError('HSTS maxAge must be nonnegative.');
   }
 
-  const { setIf = alwaysTrue } = options;
-  if (typeof setIf !== 'function') {
-    throw new TypeError('setIf must be a function.');
-  }
-
-  if (
-    Object.prototype.hasOwnProperty.call(options, 'includeSubDomains') &&
-    Object.prototype.hasOwnProperty.call(options, 'includeSubdomains')
-  ) {
-    throw new Error('includeSubDomains and includeSubdomains cannot both be specified.');
-  }
-
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  const includeSubDomains = options.includeSubDomains !== false && (options as any).includeSubdomains !== false;
-
   let header = `max-age=${Math.round(maxAge)}`;
-  if (includeSubDomains) {
+  if (options.includeSubDomains !== false) {
     header += '; includeSubDomains';
   }
   if (options.preload) {
     header += '; preload';
   }
 
-  return function hsts (req: IncomingMessage, res: ServerResponse, next: () => void) {
-    if (setIf(req, res)) {
-      res.setHeader('Strict-Transport-Security', header);
-    }
+  return header;
+}
+
+export = function hsts (options: HstsOptions = {}) {
+  const headerValue = getHeaderValueFromOptions(options);
+
+  return function hsts (_req: IncomingMessage, res: ServerResponse, next: () => void) {
+    res.setHeader('Strict-Transport-Security', headerValue);
     next();
   };
 }