close_issue_1
/
tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cmd/godoc: set Strict-Transport-Security header in production 

This coerces browsers into enforcing HTTPS-only for golang.org.

Change-Id: I91a4cc64b10b9836ef5623314a3cf22a54033dc2
Reviewed-on: https://go-review.googlesource.com/22673
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
Andrew Gerrand 2016-05-01 15:56:16 +10:00
parent 0238d429c7
commit c9a2436076
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/godoc/handlers.go
View File

@ -54,6 +54,7 @@ func (h hostEnforcerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, r.URL.String(), http.StatusFound) http.Redirect(w, r, r.URL.String(), http.StatusFound)
return return
} }
w.Header().Set("Strict-Transport-Security", "max-age=31536000; preload")
h.h.ServeHTTP(w, r) h.h.ServeHTTP(w, r)
} }