Fix HSTS header

This commit is contained in:
Omar Roth 2018-03-11 10:24:12 -05:00
parent 6d7ae6f638
commit 31d1315c60
1 changed files with 5 additions and 2 deletions

View File

@ -160,6 +160,10 @@ get "/" do |env|
templated "index"
end
before_all do |env|
env.response.headers.add("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
end
get "/watch" do |env|
if env.params.query["v"]?
id = env.params.query["v"]
@ -342,12 +346,11 @@ end
if Kemal.config.ssl && redirect
spawn do
server = HTTP::Server.new("0.0.0.0", 80) do |context|
context.response.headers.add "Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload"
redirect_url = "https://#{context.request.host}#{context.request.path}"
if context.request.query
redirect_url += "?#{context.request.query}"
end
context.response.headers.add "Location", redirect_url
context.response.headers.add("Location", redirect_url)
context.response.status_code = 301
end