
Commit 7f8123e

Fix HSTS security issue
Signed-off-by: Mu Chen <[email protected]>
1 parent 61e4a46 commit 7f8123e


1 file changed

+8
-0
lines changed


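--- a/main.go
+++ b/main.go
@@ -35,6 +35,7 @@ var (
 authTokenMutexes map[string]*sync.Mutex = make(map[string]*sync.Mutex)
 colCounters map[string]*utils.Counter = make(map[string]*utils.Counter)
 logger log.Logger = *utils.SpectrumLogger()
+https bool = true
 )
 
 type handler struct {
@@ -89,6 +90,7 @@ func main() {
 if cfg.TlsServerConfig.CaCert != "" && cfg.TlsServerConfig.ServerCert != "" && cfg.TlsServerConfig.ServerKey != "" {
 startHTTPS(CSRF(r))
 } else {
+https = false
 startHTTP(CSRF(r))
 }
 }
@@ -151,6 +153,9 @@ func startHTTPS(handler http.Handler) {
 
 func rootFunc(w http.ResponseWriter, r *http.Request) {
 if r.Method == "GET" {
+if https {
+w.Header().Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
+}
 _, _ = w.Write([]byte(`<html>
 <head><title>Spectrum Virtualize exporter</title></head>
 <body>
@@ -215,6 +220,9 @@ func (h *handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 _, _ = w.Write([]byte(fmt.Sprintf("Couldn't create handler: %s", err.Error())))
 return
 }
+if https {
+w.Header().Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
+}
 handler.ServeHTTP(w, r)
 } else {
 http.Error(w, "403 Forbidden", http.StatusForbidden)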
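Review bot: The HSTS header is set only on the GET branch of rootFunc and on the success path of ServeHTTP, so the `403 Forbidden` response and the "Couldn't create handler" error still go out over TLS without it. The decision also depends on a mutable package-level `https` flag rather than on the request itself. Setting the header once in a wrapper around the handler passed to startHTTPS, keyed on `r.TLS != nil` and using `Set` instead of `Add`, would cover every response and remove the global. Separately, `includeSubDomains; preload` commits the whole hostname and its subdomains to HTTPS for a year, not just the exporter's port, so a plain `max-age` is probably the safer default unless the operator controls the entire domain. Both rootFunc and ServeHTTP continue outside the hunks shown.

```go
// hsts sets Strict-Transport-Security on every response served over TLS.
func hsts(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS != nil {
			w.Header().Set("Strict-Transport-Security", "max-age=31536000")
		}
		next.ServeHTTP(w, r)
	})
}

// … unchanged: TLS config check in main() …
startHTTPS(hsts(CSRF(r)))
```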
