MCPcopy Index your code
hub / github.com/coder/coder / HSTSConfigOptions

Function HSTSConfigOptions

coderd/httpmw/hsts.go:20–51  ·  view source on GitHub ↗
(maxAge int, options []string)

Source from the content-addressed store, hash-verified

18}
19
20func HSTSConfigOptions(maxAge int, options []string) (HSTSConfig, error) {
21 if maxAge <= 0 {
22 // No header, so no need to build the header string.
23 return HSTSConfig{HeaderValue: ""}, nil
24 }
25
26 // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
27 var str strings.Builder
28 _, err := str.WriteString(fmt.Sprintf("max-age=%d", maxAge))
29 if err != nil {
30 return HSTSConfig{}, xerrors.Errorf("hsts: write max-age: %w", err)
31 }
32
33 for _, option := range options {
34 switch {
35 // Only allow valid options and fix any casing mistakes
36 case strings.EqualFold(option, "includeSubDomains"):
37 option = "includeSubDomains"
38 case strings.EqualFold(option, "preload"):
39 option = "preload"
40 default:
41 return HSTSConfig{}, xerrors.Errorf("hsts: invalid option: %q. Must be 'preload' and/or 'includeSubDomains'", option)
42 }
43 _, err = str.WriteString("; " + option)
44 if err != nil {
45 return HSTSConfig{}, xerrors.Errorf("hsts: write option: %w", err)
46 }
47 }
48 return HSTSConfig{
49 HeaderValue: str.String(),
50 }, nil
51}
52
53// HSTS will add the strict-transport-security header if enabled. This header
54// forces a browser to always use https for the domain after it loads https once.

Callers 2

TestHSTSFunction · 0.92
ServerMethod · 0.92

Calls 3

WriteStringMethod · 0.80
ErrorfMethod · 0.45
StringMethod · 0.45

Tested by 1

TestHSTSFunction · 0.74