Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
website,x/gddo: enable HSTS for godoc.org and golang.org #26162
godoc.org uses HTTPS. It would be great to increase protection by implementing HSTS and preloading: https://hstspreload.org/?domain=godoc.org
This is especially valuable for godoc.org, since URLs are designed to be easily constructed (from other URLs) by hand and not everyone might add/keep the HTTPS scheme when they do so.
It seems the godoc.org server is constructed at
but I'm not sure about the best place to add a new header.
Add the includeSubDomains directive to meet the requirements for being added to the preload list described at https://hstspreload.org/. Updates golang/go#26162 Change-Id: I415775aa523bcef3a52f1853de033f343b914e83 Reviewed-on: https://go-review.googlesource.com/122175 Reviewed-by: Brad Fitzpatrick <email@example.com>