MCPcopy Index your code
hub / github.com/coder/coder / HSTS

Function HSTS

coderd/httpmw/hsts.go:63–72  ·  view source on GitHub ↗

HSTS will add the strict-transport-security header if enabled. This header forces a browser to always use https for the domain after it loads https once. Meaning: On first load of product.coder.com, they are redirected to https. On all subsequent loads, the client's local browser forces https. This

(next http.Handler, cfg HSTSConfig)

Source from the content-addressed store, hash-verified

61// Full header example:
62// Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
63func HSTS(next http.Handler, cfg HSTSConfig) http.Handler {
64 if cfg.HeaderValue == "" {
65 // No header, so no need to wrap the handler.
66 return next
67 }
68 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
69 w.Header().Set(hstsHeader, cfg.HeaderValue)
70 next.ServeHTTP(w, r)
71 })
72}

Callers 1

TestHSTSFunction · 0.92

Calls 3

SetMethod · 0.65
HeaderMethod · 0.45
ServeHTTPMethod · 0.45

Tested by 1

TestHSTSFunction · 0.74