golink: set Strict-Transport-Security header on HTTPS responses

Signed-off-by: Patrick O'Doherty <[email protected]>

Author: patrickod

golink.go

@@ -217,7 +217,7 @@ func Run() error {
 		}
 		s := http.Server{
 			Addr:    ":443",
-			Handler: serveHandler(),
+			Handler: HSTS(serveHandler()),
 			TLSConfig: &tls.Config{
 				GetCertificate: localClient.GetCertificate,
 			},
@@ -357,6 +357,15 @@ func redirectHandler(hostname string) http.Handler {
 	})
 }
 
+// HSTS wraps the provided handler and sets Strict-Transport-Security header on
+// all responses.
+func HSTS(h http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Strict-Transport-Security", "max-age=31536000")
+		h.ServeHTTP(w, r)
+	})
+}
+
 // serverHandler returns the main http.Handler for serving all requests.
 func serveHandler() http.Handler {
 	mux := http.NewServeMux()