Set strict transport security header (#1216)

ordinals · Jan 16, 2023 · 7c8c93c · 7c8c93c
1 parent ab5af6c
commit 7c8c93c
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/src/subcommand/server.rs b/src/subcommand/server.rs
@@ -157,6 +157,10 @@ impl Server {
         .layer(SetResponseHeaderLayer::if_not_present(
           header::CONTENT_SECURITY_POLICY,
           HeaderValue::from_static("default-src 'self'"),
+        ))
+        .layer(SetResponseHeaderLayer::overriding(
+          header::STRICT_TRANSPORT_SECURITY,
+          HeaderValue::from_static("max-age=31536000; includeSubDomains; preload"),
         ));
 
       match (self.http_port(), self.https_port()) {
@@ -1921,4 +1925,16 @@ mod tests {
       r".*<dt>output value</dt>\s*<dd>5000000000</dd>\s*<dt>content</dt>.*",
     );
   }
+
+  #[test]
+  fn strict_transport_security_header_is_set() {
+    assert_eq!(
+      TestServer::new()
+        .get("/status")
+        .headers()
+        .get(header::STRICT_TRANSPORT_SECURITY)
+        .unwrap(),
+      "max-age=31536000; includeSubDomains; preload",
+    );
+  }
 }