Add 'hsts' as config option

This commit is contained in:
Omar Roth 2019-05-14 08:21:01 -05:00
parent e833ccf309
commit 97ef2191fd
No known key found for this signature in database
GPG key ID: B8254FB7EC3D37F2
2 changed files with 5 additions and 2 deletions


@ -193,7 +193,7 @@ before_all do |env|
env.response.headers["Content-Security-Policy"] = "default-src blob: data: 'self' #{host_url} 'unsafe-inline' 'unsafe-eval'; media-src blob: 'self' #{host_url} https://*.googlevideo.com:443"
env.response.headers["Referrer-Policy"] = "same-origin"
if Kemal.config.ssl || config.https_only
if (Kemal.config.ssl || config.https_only) && config.hsts
env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
end
@ -5355,7 +5355,9 @@ if Kemal.config.ssl
redirect_url += "?#{env.request.query}"
end
env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
if config.hsts
env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
end
env.response.headers["Location"] = redirect_url
env.response.status_code = 301
end
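Review bot: The header value `max-age=31536000; includeSubDomains; preload` is now written out verbatim at both sites the commit touches (the `before_all` block at 193 and the redirect at 5355), so a later tweak to max-age or the preload directive can silently leave the two responses disagreeing; hoist it into one constant, e.g. `HSTS_HEADER = "max-age=31536000; includeSubDomains; preload"`, and reference that at both places. Separately, if the redirect at 5355 is answering requests that arrived over plain HTTP, the Strict-Transport-Security header set there is discarded by browsers (RFC 6797 only honours it on a TLS response), so that branch adds nothing on its own and deserves a comment such as `# only honoured once the client reaches the HTTPS origin` if it is kept as defence in depth. Note also that `includeSubDomains; preload` stays hard-coded, so an operator who turns on `hsts` commits every subdomain of the host; a comment at the constant or the config option should say so. The enclosing `if Kemal.config.ssl` block at 5355 starts before the hunk.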