cmd/godoc: set Strict-Transport-Security header in production

This coerces browsers into enforcing HTTPS-only for golang.org. Change-Id: I91a4cc64b10b9836ef5623314a3cf22a54033dc2 Reviewed-on: https://go-review.googlesource.com/22673 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-05-01 15:56:16 +10:00 · 2016-05-01 15:56:16 +10:00 · c9a2436076
parent 0238d429c7
commit c9a2436076
1 changed files with 1 additions and 0 deletions
--- a/cmd/godoc/handlers.go
+++ b/cmd/godoc/handlers.go
@ -54,6 +54,7 @@ func (h hostEnforcerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		http.Redirect(w, r, r.URL.String(), http.StatusFound)
 		return
 	}
+	w.Header().Set("Strict-Transport-Security", "max-age=31536000; preload")
 	h.h.ServeHTTP(w, r)
 }