add hsts_max_age config option
This commit is contained in:
parent
24944793c8
commit
c35e3ff0d6
|
@ -4,17 +4,19 @@ import (
|
|||
"errors"
|
||||
"net/http"
|
||||
"net/http/fcgi"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/labstack/echo/v4"
|
||||
|
||||
"git.csclub.uwaterloo.ca/public/pyceo/web/internal/app"
|
||||
"git.csclub.uwaterloo.ca/public/pyceo/web/internal/config"
|
||||
"git.csclub.uwaterloo.ca/public/pyceo/web/pkg/logging"
|
||||
)
|
||||
|
||||
func helmet(isDev bool) echo.MiddlewareFunc {
|
||||
func helmet(cfg *config.Config) echo.MiddlewareFunc {
|
||||
cspSchemes := "https:"
|
||||
if isDev {
|
||||
if cfg.IsDev {
|
||||
cspSchemes = "http: https:"
|
||||
}
|
||||
cspDirectives := []string{
|
||||
|
@ -29,7 +31,7 @@ func helmet(isDev bool) echo.MiddlewareFunc {
|
|||
"script-src-attr 'none'",
|
||||
"style-src 'self' " + cspSchemes + " 'unsafe-inline'",
|
||||
}
|
||||
if !isDev {
|
||||
if !cfg.IsDev {
|
||||
cspDirectives = append(cspDirectives, "upgrade-insecure-requests")
|
||||
}
|
||||
csp := strings.Join(cspDirectives, ";")
|
||||
|
@ -40,8 +42,11 @@ func helmet(isDev bool) echo.MiddlewareFunc {
|
|||
h.Set("Cross-Origin-Opener-Policy", "same-origin")
|
||||
h.Set("Cross-Origin-Resource-Policy", "same-origin")
|
||||
h.Set(echo.HeaderReferrerPolicy, "no-referrer")
|
||||
if !isDev {
|
||||
h.Set(echo.HeaderStrictTransportSecurity, "max-age=15552000")
|
||||
if cfg.HstsMaxAge != 0 {
|
||||
h.Set(
|
||||
echo.HeaderStrictTransportSecurity,
|
||||
"max-age="+strconv.FormatInt(int64(cfg.HstsMaxAge), 10),
|
||||
)
|
||||
}
|
||||
return next(c)
|
||||
}
|
||||
|
|
|
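Review bot: The Strict-Transport-Security header is now sent only when `cfg.HstsMaxAge != 0` (third hunk, where the `!isDev` gate was replaced), so a deployment whose config file omits `hsts_max_age` silently stops emitting HSTS where the old code always sent `max-age=15552000` outside dev mode. A negative value also passes that check and yields `max-age=-N`, which is not a valid max-age, so the guard should read `if cfg.HstsMaxAge > 0 {` and the config loader (not in this diff) should either default the field to the previous 15552000 or refuse to start without it when `IsDev` is false. The dev/prod distinction is lost as well: with a non-zero value the header is also sent in dev over plain HTTP, which browsers ignore, but `if !cfg.IsDev && cfg.HstsMaxAge > 0 {` would keep the earlier behavior explicit. The middleware closure containing these lines starts outside the hunk.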
@ -27,6 +27,7 @@ type Config struct {
|
|||
UWDomain string `json:"uw_domain"`
|
||||
MTA string `json:"mta"`
|
||||
CookieName string `json:"cookie_name"`
|
||||
HstsMaxAge int `json:"hsts_max_age"`
|
||||
IsDev bool `json:"dev"`
|
||||
ForcedEmailRecipient string `json:"forced_email_recipient"`
|
||||
|
||||
|
|
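Review bot: The new `HstsMaxAge` field has no comment stating its unit or what the zero value means, yet the middleware in this commit drops the HSTS header entirely when it is zero, so an operator who leaves `hsts_max_age` out of the JSON loses the header with no warning. Add `// HstsMaxAge is the Strict-Transport-Security max-age in seconds; 0 (the default) leaves the header unset.` above the field, and consider having the loader fill in the previous default of 15552000 when the key is absent. The `Config` struct begins and ends outside the hunk.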