From d664d6b371c02aa9fa8bed8bf5fe736abb4f7e00 Mon Sep 17 00:00:00 2001
From: Omar Roth <omarroth@hotmail.com>
Date: Sun, 11 Mar 2018 10:29:40 -0500
Subject: [PATCH] Only use HSTS if SSL is enabled

---
 src/invidious.cr | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/invidious.cr b/src/invidious.cr
index 139c25ae..cbc1fe11 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -160,10 +160,6 @@ get "/" do |env|
   templated "index"
 end
 
-before_all do |env|
-  env.response.headers.add("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
-end
-
 get "/watch" do |env|
   if env.params.query["v"]?
     id = env.params.query["v"]
@@ -356,6 +352,10 @@ if Kemal.config.ssl && redirect
 
     server.listen
   end
+
+  before_all do |env|
+    env.response.headers.add("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
+  end
 end
 
 static_headers do |response, filepath, filestat|