set HSTS header

snarfed · Sep 1, 2016 · 2f35cdb · 2f35cdb
1 parent 3c8e78b
commit 2f35cdb
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/activitystreams.py b/activitystreams.py
@@ -183,7 +183,12 @@ def write_response(self, response, actor=None, url=None, title=None):
 
     activities = response['items']
 
-    self.response.headers['Access-Control-Allow-Origin'] = '*'
+    self.response.headers.update({
+      'Access-Control-Allow-Origin': '*',
+      'Strict-Transport-Security':
+          'max-age=16070400; includeSubDomains; preload',  # 6 months
+    })
+
     if format in ('json', 'activitystreams'):
       self.response.headers['Content-Type'] = 'application/json'
       self.response.out.write(json.dumps(response, indent=2))

diff --git a/app.py b/app.py
@@ -41,7 +41,15 @@
 URL_CACHE_TIME = 5 * 60  # 5m
 
 
-class FrontPageHandler(handlers.TemplateHandler):
+class Handler(webapp2.RequestHandler):
+  """Base handler class that adds the HSTS header."""
+  def __init__(self, *args, **kwargs):
+    super(Handler, self).__init__(*args, **kwargs)
+    self.response.headers['Strict-Transport-Security'] = \
+        'max-age=16070400; includeSubDomains; preload'  # 6 months
+
+
+class FrontPageHandler(handlers.TemplateHandler, Handler):
   """Renders and serves the front page."""
   handle_exception = handlers.handle_exception
 
@@ -62,7 +70,7 @@ def template_vars(self):
     return vars
 
 
-class DemoHandler(webapp2.RequestHandler):
+class DemoHandler(Handler):
   """Handles silo requests from the interactive demo form on the front page."""
   handle_exception = handlers.handle_exception
 
@@ -90,7 +98,7 @@ def get(self):
       urllib.urlencode(params)))
 
 
-class UrlHandler(activitystreams.Handler):
+class UrlHandler(activitystreams.Handler, Handler):
   """Handles AS/mf2 requests from the interactive demo form on the front page.
 
   Fetched URL data is cached for 5m. Cache key is 'U [URL]', value is dict with