changeset 3238:26bf9c8baad2 beta

added HSTS headers when using SSL for RhodeCode
author Marcin Kuzminski <marcin@python-works.com>
date Sun, 27 Jan 2013 22:37:55 +0100
parents f5dd76e2a7af
children a9565b8b429b
files rhodecode/lib/middleware/https_fixup.py
diffstat 1 files changed, 6 insertions(+), 1 deletions(-) [+]
--- a/rhodecode/lib/middleware/https_fixup.py	Sun Jan 27 00:18:49 2013 +0100
+++ b/rhodecode/lib/middleware/https_fixup.py	Sun Jan 27 22:37:55 2013 +0100
@@ -23,6 +23,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+from pylons.controllers.util import Request
 from rhodecode.lib.utils2 import str2bool
 
 
@@ -34,7 +35,11 @@
 
     def __call__(self, environ, start_response):
         self.__fixup(environ)
-        return self.application(environ, start_response)
+        req = Request(environ)
+        resp = req.get_response(self.application)
+        if environ['wsgi.url_scheme'] == 'https':
+            resp.headers['Strict-Transport-Security'] = 'max-age=8640000; includeSubDomains'
+        return resp(environ, start_response)
 
     def __fixup(self, environ):
         """