Adding all HSTS options
bitbyt3r committed Nov 29, 2023
1 parent 3d43eca commit f0b7663
Showing 2 changed files with 13 additions and 1 deletion.
2 changes: 2 additions & 0 deletions uber/configspec.ini
Expand Up @@ -1883,6 +1883,8 @@ prefix = string(default="")

[hsts]
max_age = integer(default=31536000)
preload = boolean(default=False)
include_subdomains = boolean(default=False)

[appconf]
# This is all CherryPy configuration.
12 changes: 11 additions & 1 deletion uber/server.py
Expand Up @@ -49,7 +49,17 @@ def sentry_end_transaction():
@cherrypy.tools.register('before_finalize', priority=60)
def secureheaders():
headers = cherrypy.response.headers
headers['Strict-Transport-Security'] = 'max-age=' + str(c.HSTS['max_age'])
hsts_header = 'max-age=' + str(c.HSTS['max_age'])
if c.HSTS['include_subdomains']:
hsts_header += '; includeSubDomains'
if c.HSTS['preload']:
if c.HSTS['max_age'] < 31536000:
log.error('HSTS only supports preloading if max-age > 31536000')
elif not c.HSTS['include_subdomains']:
log.error('HSTS only supports preloading if subdomains are included')
else:
hsts_header += '; preload'
headers['Strict-Transport-Security'] = hsts_header

def _add_email():
[body] = cherrypy.response.body
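Review bot: The preload validation under `if c.HSTS['preload']:` runs inside a `before_finalize` tool, so a misconfigured deployment emits `log.error` on every single response rather than once; since `c.HSTS` is static configuration, this check is better done once at startup (or logged once), with `secureheaders` only appending `; preload` when the precomputed condition holds. The log text also disagrees with the comparison: `c.HSTS['max_age'] < 31536000` rejects only values below one year, so the message should read `'HSTS only supports preloading if max-age >= 31536000'` (the preload list requires at least one year, not strictly more). The fallback behaviour is sound — the header is still sent without `preload` instead of being dropped — which is worth a one-line comment, e.g. `# preload requirements not met: still send HSTS, just without the preload token`. The config section in `uber/configspec.ini` shares the same knowledge (one-year minimum, subdomains required) and would benefit from a comment next to `preload` stating it, so operators learn the constraint before the first error is logged.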
