Skip to content
This repository has been archived by the owner on Jul 12, 2023. It is now read-only.

Add middleware for setting HSTS headers #387

Merged
merged 1 commit into from
Aug 26, 2020
Merged

Add middleware for setting HSTS headers #387

merged 1 commit into from
Aug 26, 2020

Conversation

sethvargo
Copy link
Member

Fixes GH-381

Release Note

Set HSTS headers in production service

@googlebot googlebot added the cla: yes Auto: added by CLA bot when all committers have signed a CLA. label Aug 26, 2020
@sethvargo
Copy link
Member Author

/assign @icco

mikehelmick
mikehelmick reviewed Aug 26, 2020
View reviewed changes
cmd/apiserver/main.go
@@ -130,6 +130,12 @@ func realMain(ctx context.Context) error {
}
rateLimit := httplimiter.Handle

// Install HSTS headers in production
if !config.DevMode {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

guessing this won't matter as non-browsers will ignore...

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but also no harm

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You don't want to set it in dev because localhost w/ hsts doesn't work.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think Mike was saying that no one will call the API in the browser so it probably doesn't matter

@google-oss-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mikehelmick, sethvargo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [mikehelmick,sethvargo]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@google-oss-robot google-oss-robot merged commit 167230d into main Aug 26, 2020
@google-oss-robot google-oss-robot deleted the sethvargo/hsts branch August 26, 2020 23:01
@google google locked and limited conversation to collaborators Oct 6, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@icco icco icco left review comments

@mikehelmick mikehelmick mikehelmick approved these changes

@jeremyfaller jeremyfaller Awaiting requested review from jeremyfaller

@whaught whaught Awaiting requested review from whaught

Assignees

@icco icco

@mikehelmick mikehelmick

Labels
cla: yes Auto: added by CLA bot when all committers have signed a CLA.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add HSTS middleware
5 participants
@sethvargo @google-oss-robot @icco @mikehelmick @googlebot