
Don't send HSTS headers over non-HTTPS connections.

This fixes #6.
1 parent 6735984 commit 0a8a86614590c883935262173db215bec0c2998f @nvie committed Oct 26, 2012
Showing with 2 additions and 1 deletion.
  1. +2 −1 flask_sslify.py
@@ -51,7 +51,8 @@ def redirect_to_ssl(self):
def set_hsts_header(self, response):
"""Adds HSTS header to each response."""
- response.headers.setdefault('Strict-Transport-Security', self.hsts_header)
+ if request.is_secure:
+ response.headers.setdefault('Strict-Transport-Security', self.hsts_header)
return response
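
Review bot: The new `if request.is_secure:` guard in `set_hsts_header` trusts only the scheme the WSGI server reports, so when TLS is terminated at a reverse proxy or load balancer and the app receives plain HTTP, `request.is_secure` is False and the Strict-Transport-Security header is never sent, even to clients that connected over HTTPS. If `redirect_to_ssl` uses any extra signal to decide that a request is already secure (not visible in this hunk), the same test should be reused here, ideally through one shared helper, so the redirect and the header cannot disagree. The module also needs `request` imported from flask if it is not already. The docstring "Adds HSTS header to each response." should be updated too, since the header is now added only on secure requests. A test that asserts the header is absent on an HTTP response and present on an HTTPS one would pin the behaviour fixed for #6.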
