HSTS returns middleware that adds the Strict-Transport-Security header when enabled and the request is HTTPS.
(enabled bool)
// HSTS builds middleware that sets the Strict-Transport-Security response
// header on requests it considers HTTPS. With enabled set to false the
// middleware passes every request to next and adds nothing.
//
// A request counts as HTTPS when r.TLS is non-nil, or when the
// X-Forwarded-Proto request header equals "https" (compared case-insensitively).
//
// Security notes:
//   - X-Forwarded-Proto is an ordinary request header, so it is only
//     trustworthy when a fronting proxy overwrites whatever the client sent.
//     A forged value here only makes the header appear on a plain-HTTP
//     response, which browsers ignore (RFC 6797 section 8.1).
//   - The comparison is against the whole header value, so a list such as
//     "https, http" does not match.
//     NOTE(review): confirm the proxy in front sends a single value.
//   - includeSubDomains extends the policy to every subdomain of the host;
//     each of them has to serve HTTPS before this is enabled.
//   - The header is set before next runs, so a downstream handler can still
//     replace or remove it.
func HSTS(enabled bool) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		serve := func(w http.ResponseWriter, r *http.Request) {
			if enabled {
				// Direct TLS is checked first; the forwarded header is only
				// consulted for connections that arrived without TLS.
				overTLS := r.TLS != nil
				if overTLS || strings.EqualFold(r.Header.Get("X-Forwarded-Proto"), "https") {
					// HSTSMaxAgeOneYear is declared elsewhere in the package;
					// presumably one year in seconds (verify at its definition).
					policy := "max-age=" + strconv.Itoa(HSTSMaxAgeOneYear) + "; includeSubDomains"
					w.Header().Set("Strict-Transport-Security", policy)
				}
			}
			next.ServeHTTP(w, r)
		}
		return http.HandlerFunc(serve)
	}
}