Add 'hsts' as config option
parent
e833ccf309
commit
97ef2191fd
|
@ -193,7 +193,7 @@ before_all do |env|
|
||||||
env.response.headers["Content-Security-Policy"] = "default-src blob: data: 'self' #{host_url} 'unsafe-inline' 'unsafe-eval'; media-src blob: 'self' #{host_url} https://*.googlevideo.com:443"
|
env.response.headers["Content-Security-Policy"] = "default-src blob: data: 'self' #{host_url} 'unsafe-inline' 'unsafe-eval'; media-src blob: 'self' #{host_url} https://*.googlevideo.com:443"
|
||||||
env.response.headers["Referrer-Policy"] = "same-origin"
|
env.response.headers["Referrer-Policy"] = "same-origin"
|
||||||
|
|
||||||
if Kemal.config.ssl || config.https_only
|
if (Kemal.config.ssl || config.https_only) && config.hsts
|
||||||
env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
|
env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -5355,7 +5355,9 @@ if Kemal.config.ssl
|
||||||
redirect_url += "?#{env.request.query}"
|
redirect_url += "?#{env.request.query}"
|
||||||
end
|
end
|
||||||
|
|
||||||
env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
|
if config.hsts
|
||||||
|
env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
|
||||||
|
end
|
||||||
env.response.headers["Location"] = redirect_url
|
env.response.headers["Location"] = redirect_url
|
||||||
env.response.status_code = 301
|
env.response.status_code = 301
|
||||||
end
|
end
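Review bot: With `hsts: false`, both `config.hsts` checks (the `before_all` branch and the redirect handler at -5355) only stop sending the header, so a browser that already received `max-age=31536000; includeSubDomains; preload` keeps enforcing HTTPS on the domain and its subdomains until that year runs out. An operator who switches the option off to recover a subdomain that has no TLS will see no immediate effect, which deserves a comment at the check, for example `# hsts: false only omits the header; clients that cached the earlier policy keep enforcing it until max-age expires`. The header value is also written out twice, once in each hunk; a single constant would keep the two copies from drifting apart. Both enclosing blocks start and end outside the hunks.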
|
||||||
|
|
|
@ -128,6 +128,7 @@ user: String,
|
||||||
check_tables: {type: Bool, default: false}, # Check table integrity, automatically try to add any missing columns, create tables, etc.
|
check_tables: {type: Bool, default: false}, # Check table integrity, automatically try to add any missing columns, create tables, etc.
|
||||||
cache_annotations: {type: Bool, default: false}, # Cache annotations requested from IA, will not cache empty annotations or annotations that only contain cards
|
cache_annotations: {type: Bool, default: false}, # Cache annotations requested from IA, will not cache empty annotations or annotations that only contain cards
|
||||||
banner: {type: String?, default: nil}, # Optional banner to be displayed along top of page for announcements, etc.
|
banner: {type: String?, default: nil}, # Optional banner to be displayed along top of page for announcements, etc.
|
||||||
|
hsts: {type: Bool?, default: true}, # Enables 'Strict-Transport-Security'. Ensure that `domain` and all subdomains are served securely
|
||||||
})
|
})
|
||||||
end
|
end
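Review bot: `hsts` is declared `Bool?` with a default of `true`, so the type admits a nil value with no distinct meaning, and both call sites would treat a nil as false and drop the header without any notice. Unless a third state is intended, `hsts: {type: Bool, default: true},` states the contract more safely. The trailing comment could also mention that the header is sent with `includeSubDomains; preload` and a one-year `max-age`, since that is what makes the warning about subdomains matter. The mapping this entry belongs to begins outside the hunk.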
|
||||||
|
|
||||||
|
|