close_issue_1
/
tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cmd/tip: set Strict-Transport-Security header in production 

Change-Id: I33db74025785c802a634f324ad110a4ec5381c1f
Reviewed-on: https://go-review.googlesource.com/22674
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
Andrew Gerrand 2016-05-01 16:00:33 +10:00
parent f3109af80d
commit 0238d429c7
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/tip/tip.go
View File

@ -337,5 +337,9 @@ func (h httpsOnlyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, r.URL.String(), http.StatusFound) http.Redirect(w, r, r.URL.String(), http.StatusFound)
return return
} }
if r.Header.Get("X-Appengine-Https") == "on" {
// Only set this header when we're actually in production.
w.Header().Set("Strict-Transport-Security", "max-age=31536000; preload")
}
h.h.ServeHTTP(w, r) h.h.ServeHTTP(w, r)
} }