hsts.go
package advhttp
import (
	"fmt"
	"net/http"
	"strings"
)
// Header name and directive tokens used to build the
// Strict-Transport-Security (HSTS) response header.
const (
	// HstsStrictTransportSecurity is the name of the HSTS response header.
	HstsStrictTransportSecurity = "Strict-Transport-Security"
	// HstsIncludeSubDomains is the directive that extends the policy to all subdomains.
	HstsIncludeSubDomains = "includeSubDomains"
	// HstsPreload is the directive that signals the site should be added to
	// browser preload lists.
	HstsPreload = "preload"
)
// Default values for the HSTS settings. They are declared as variables, so
// other code in the package or its importers can reassign them at run time.
var (
	// HstsDefaultMaxAge is the default max-age in seconds (31536000 s = 365 days).
	HstsDefaultMaxAge = int64(31536000)
	// HstsDefaultIncludeSubDomains is the default for the includeSubDomains directive (off).
	HstsDefaultIncludeSubDomains = false
	// HstsDefaultPreload is the default for the preload directive (off).
	HstsDefaultPreload = false
)
// Hsts holds the settings used to build the Strict-Transport-Security
// response header.
type Hsts struct {
	// MaxAge is the number of seconds for which clients keep enforcing
	// HTTPS-only access. The zero value is written as max-age=0, which under
	// RFC 6797 tells clients to drop a previously stored policy.
	MaxAge int64
	// IncludeSubDomains extends the policy to all subdomains as well.
	IncludeSubDomains bool
	// Preload signals that the site should be added to the browsers' preload
	// list. ProcessHsts only writes it when IncludeSubDomains is also set.
	Preload bool
}
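// ProcessHsts sets the Strict-Transport-Security header on w when the request
// is considered to have arrived over HTTPS, and does nothing otherwise.
//
// A request counts as secure when r.TLS is non-nil (TLS terminated by this
// server) or when X-Forwarded-Proto says "https" (TLS terminated by a proxy
// in front of this server). RFC 6797 says the header must not be sent on
// plain-HTTP responses, so any other X-Forwarded-Proto value, including
// "http", no longer triggers it.
//
// X-Forwarded-Proto is a request header: unless a trusted proxy overwrites
// it, any client can supply it. Deployments that are not behind such a proxy
// should strip the header before it reaches this handler.
//
// The header value is "max-age=N", followed by "; includeSubDomains" when
// IncludeSubDomains is set, followed by "; preload" when Preload is set as
// well. Preload without IncludeSubDomains is not written.
func (hsts *Hsts) ProcessHsts(w http.ResponseWriter, r *http.Request) {
	secure := r.TLS != nil
	if !secure {
		// Chained proxies may send a comma-separated list; the first entry is
		// the scheme the client used.
		proto := strings.SplitN(r.Header.Get("X-Forwarded-Proto"), ",", 2)[0]
		secure = strings.EqualFold(strings.TrimSpace(proto), "https")
	}
	if !secure {
		return
	}

	value := fmt.Sprintf("max-age=%d", hsts.MaxAge)
	if hsts.IncludeSubDomains {
		// The directive is a string token; formatting it with %d produced a
		// malformed header value ("%!d(string=includeSubDomains)").
		value += "; " + HstsIncludeSubDomains
		if hsts.Preload {
			value += "; " + HstsPreload
		}
	}
	w.Header().Set(HstsStrictTransportSecurity, value)
}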
// DefaultHsts is the policy used by the package-level ProcessHsts function.
// It is nil until something assigns it; no assignment is visible in this file.
var DefaultHsts *Hsts
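// ProcessHsts applies the package-level DefaultHsts policy to the response.
//
// When DefaultHsts is nil, a policy built from HstsDefaultMaxAge,
// HstsDefaultIncludeSubDomains and HstsDefaultPreload is used instead.
// Without this fallback a secure request dereferenced the nil pointer and
// panicked inside the handler, so no HSTS header was sent.
func ProcessHsts(w http.ResponseWriter, r *http.Request) {
	policy := DefaultHsts
	if policy == nil {
		// Use a local value rather than assigning DefaultHsts, so concurrent
		// handlers never write to the shared variable.
		policy = &Hsts{
			MaxAge:            HstsDefaultMaxAge,
			IncludeSubDomains: HstsDefaultIncludeSubDomains,
			Preload:           HstsDefaultPreload,
		}
	}
	policy.ProcessHsts(w, r)
}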