| author | Omar Roth <omarroth@protonmail.com> | 2019-05-14 08:21:01 -0500 |
|---|---|---|
| committer | Omar Roth <omarroth@protonmail.com> | 2019-05-14 08:21:01 -0500 |
| commit | 97ef2191fd2d4bb4b44915536c3a9d45dc4c12f8 (patch) | |
| tree | b872e4f5866dbfbd265ff475506e4f292f930869 | |
| parent | e833ccf309f8a0081d4ddaf8eaf01d875b354bfb (diff) | |
Add 'hsts' as config option
| -rw-r--r-- | src/invidious.cr | 6 | ||||
| -rw-r--r-- | src/invidious/helpers/helpers.cr | 1 |
2 files changed, 5 insertions, 2 deletions
diff --git a/src/invidious.cr b/src/invidious.cr
index 31b8904e..9956e127 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -193,7 +193,7 @@ before_all do |env|
 env.response.headers["Content-Security-Policy"] = "default-src blob: data: 'self' #{host_url} 'unsafe-inline' 'unsafe-eval'; media-src blob: 'self' #{host_url} https://*.googlevideo.com:443"
 env.response.headers["Referrer-Policy"] = "same-origin"
 
- if Kemal.config.ssl || config.https_only
+ if (Kemal.config.ssl || config.https_only) && config.hsts
 env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
 end
 
@@ -5355,7 +5355,9 @@ if Kemal.config.ssl
 redirect_url += "?#{env.request.query}"
 end
 
- env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
+ if config.hsts
+ env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
+ end
 env.response.headers["Location"] = redirect_url
 env.response.status_code = 301
 end
diff --git a/src/invidious/helpers/helpers.cr b/src/invidious/helpers/helpers.cr
index becf54b4..2b843087 100644
--- a/src/invidious/helpers/helpers.cr
+++ b/src/invidious/helpers/helpers.cr
@@ -128,6 +128,7 @@ user: String,
 check_tables: {type: Bool, default: false}, # Check table integrity, automatically try to add any missing columns, create tables, etc.
 cache_annotations: {type: Bool, default: false}, # Cache annotations requested from IA, will not cache empty annotations or annotations that only contain cards
 banner: {type: String?, default: nil}, # Optional banner to be displayed along top of page for announcements, etc.
+ hsts: {type: Bool?, default: true}, # Enables 'Strict-Transport-Security'. Ensure that `domain` and all subdomains are served securely
 })
 end
 
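Review bot: The `Strict-Transport-Security` value `"max-age=31536000; includeSubDomains; preload"` is now written verbatim in two places that are both gated on `config.hsts` (here in `before_all` and again in the HTTPS-redirect hunk further down), so a later change to the max-age or to the `preload` directive can silently diverge between them. A module-level constant, e.g. `HSTS_HEADER = "max-age=31536000; includeSubDomains; preload"`, assigned at both sites as `env.response.headers["Strict-Transport-Security"] = HSTS_HEADER`, would keep them in step. The `before_all` block this hunk belongs to begins before the hunk.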
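Review bot: Gating the header on `config.hsts` keeps it under the operator's control, but if this `301` to `redirect_url` is the plain-HTTP listener that forwards clients to HTTPS (which the enclosing `if Kemal.config.ssl` block suggests), the `Strict-Transport-Security` header set here has no effect: RFC 6797 §8.1 requires user agents to ignore STS headers received over a non-secure transport, so the policy is only ever learned from the HTTPS response produced in `before_all`. If that reading is right the whole `if config.hsts … end` in this hunk can be dropped rather than kept in sync with the other site; if this listener can also answer over TLS, a one-line comment saying so would save the next reader the same question. The surrounding `if Kemal.config.ssl` block starts and ends outside the hunk.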
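Review bot: The new option comment should warn that setting `hsts` to false does not undo a policy browsers have already cached: once a client has seen `max-age=31536000` it will refuse plain-HTTP access to the domain and every subdomain for a year regardless of this setting, and `preload` additionally signals eligibility for the browser preload lists, from which removal takes far longer than a config change. Something like `hsts: {type: Bool, default: true}, # Enables 'Strict-Transport-Security' (max-age 1 year, includeSubDomains, preload). Ensure that the configured domain and all subdomains are served securely; setting this to false stops sending the header but does not clear the policy from clients that already received it` makes the consequence explicit. `Bool?` also seems unnecessary here, since a `nil` value behaves exactly like `false` in the `&& config.hsts` checks, so plain `Bool` (matching `check_tables` and `cache_annotations` in the same mapping) would be the cleaner type. The mapping this hunk edits begins before the hunk.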
