Implements the correct usage of HSTS.

commit 209e47633474e253b442355149deb79fc19b3fe2 1 parent 49b2ea6
Stefan de Konink authored
Showing with 16 additions and 17 deletions.
  1. +16 −0 cherokee/connection.c
  2. +0 −17 cherokee/handler_error.c
16 cherokee/connection.c
@@ -875,6 +875,22 @@ build_response_header (cherokee_connection_t *conn,
cherokee_encoder_add_headers (conn->encoder, buffer);
}
}
+
+ /* HSTS support
+ */
+ if ((conn->socket.is_tls == TLS) &&
+ (CONN_VSRV(conn)->hsts.enabled))
+ {
+ cherokee_buffer_add_str (buffer, "Strict-Transport-Security: ");
+ cherokee_buffer_add_str (buffer, "max-age=");
+ cherokee_buffer_add_ulong10 (buffer, (culong_t) CONN_VSRV(conn)->hsts.max_age);
+
+ if (CONN_VSRV(conn)->hsts.subdomains) {
+ cherokee_buffer_add_str (buffer, "; includeSubdomains");
+ }
+
+ cherokee_buffer_add_str (buffer, CRLF);
+ }
}
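Review bot: The `/* HSTS support */` comment above the `conn->socket.is_tls == TLS` test does not say why the header is limited to TLS connections. RFC 6797 says a host must not send Strict-Transport-Security over non-secure transport and that user agents ignore it there; putting that in the comment would answer the question raised on this commit. Two smaller points in the same block: the consecutive `cherokee_buffer_add_str` calls for "Strict-Transport-Security: " and "max-age=" can be a single literal, and the RFC spells the directive `includeSubDomains` (directive names are case-insensitive, so the current spelling works, but matching the spec helps anyone searching for it).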
17 cherokee/handler_error.c
@@ -277,23 +277,6 @@ cherokee_handler_error_add_headers (cherokee_handler_error_t *hdl, cherokee_buff
cherokee_buffer_add_str (buffer, CRLF);
}
- /* HSTS support
- */
- if ((conn->socket.is_tls != TLS) &&
- (CONN_VSRV(conn)->hsts.enabled) &&
- (conn->error_code == http_moved_permanently))
- {
Alvaro Lopez Ortega
alobbs added a note

This breaks the QAs.
What's the rationale behind it?

Stefan de Konink Owner
skinkie added a note
- cherokee_buffer_add_str (buffer, "Strict-Transport-Security: ");
- cherokee_buffer_add_str (buffer, "max-age=");
- cherokee_buffer_add_ulong10 (buffer, (culong_t) CONN_VSRV(conn)->hsts.max_age);
-
- if (CONN_VSRV(conn)->hsts.subdomains) {
- cherokee_buffer_add_str (buffer, "; includeSubdomains");
- }
-
- cherokee_buffer_add_str (buffer, CRLF);
- }
-
/* Usual headers
*/
cherokee_buffer_add_str (buffer, "Content-Type: text/html"CRLF);
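Review bot: Removing this block from `cherokee_handler_error_add_headers` drops the header from the plain-HTTP `http_moved_permanently` redirect, and the commit touches only `connection.c` and `handler_error.c`, so a QA test that expects the header on that redirect will now fail, which fits the note that this breaks the QAs. Update the QA in the same change so it asserts the header is present on a TLS response and absent on the plain-HTTP redirect. Please also confirm that error responses served over TLS still pass through `build_response_header`, since this handler no longer emits the header in the lines shown.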