Refactor HTTP response builder

author: Frédéric Guillot <fred@miniflux.net> 2018-10-07 18:42:43 -0700
committer: Frédéric Guillot <fred@miniflux.net> 2018-10-08 15:31:58 -0700
commit: 1f58b37a5e86603b16e137031c36f37580e9d410 (patch)
tree: 337a7299e91fe7640b64489357dfe7c0f00e2313 /middleware/header_config.go
parent: ddfe969d6cbc8d23326cb9a3ca9a265d4e9d3e45 (diff)
download: v2-1f58b37a5e86603b16e137031c36f37580e9d410.tar.gz
v2-1f58b37a5e86603b16e137031c36f37580e9d410.tar.zst
v2-1f58b37a5e86603b16e137031c36f37580e9d410.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/middleware/header_config.go b/middleware/header_config.go
index 4302ac80..d62d76c6 100644
--- a/middleware/header_config.go
+++ b/middleware/header_config.go
@@ -14,6 +14,11 @@ func (m *Middleware) HeaderConfig(next http.Handler) http.Handler {
 		if r.Header.Get("X-Forwarded-Proto") == "https" {
 			m.cfg.IsHTTPS = true
 		}
+
+		if m.cfg.IsHTTPS && m.cfg.HasHSTS() {
+			w.Header().Set("Strict-Transport-Security", "max-age=31536000")
+		}
+
 		next.ServeHTTP(w, r)
 	})
 }
author	Frédéric Guillot <fred@miniflux.net>	2018-10-07 18:42:43 -0700
committer	Frédéric Guillot <fred@miniflux.net>	2018-10-08 15:31:58 -0700
commit	1f58b37a5e86603b16e137031c36f37580e9d410 (patch)
tree	337a7299e91fe7640b64489357dfe7c0f00e2313 /middleware/header_config.go
parent	ddfe969d6cbc8d23326cb9a3ca9a265d4e9d3e45 (diff)
download	v2-1f58b37a5e86603b16e137031c36f37580e9d410.tar.gz v2-1f58b37a5e86603b16e137031c36f37580e9d410.tar.zst v2-1f58b37a5e86603b16e137031c36f37580e9d410.zip