upstream/kallithea Commit - r3238:26bf9c8b

added HSTS headers when using SSL for RhodeCode

marcink -

r3238:26bf9c8b beta

parent child

rhodecode/lib/middleware/https_fixup.py

0 +6 -1

             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+            from pylons.controllers.util import Request
             from rhodecode.lib.utils2 import str2bool
                 def __call__(self, environ, start_response):
                     self.__fixup(environ)
-                    return self.application(environ, start_response)
+                    req = Request(environ)
+                    resp = req.get_response(self.application)
+                    if environ['wsgi.url_scheme'] == 'https':
+                        resp.headers['Strict-Transport-Security'] = 'max-age=8640000; includeSubDomains'
+                    return resp(environ, start_response)
                 def __fixup(self, environ):
                     """

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages