Add Strict-Transport-Security header to user agent

- Issue #584
author: Folker Bernitt <fbernitt@thoughtworks.com> 2016-01-28 14:41:25 +0100
committer: Folker Bernitt <fbernitt@thoughtworks.com> 2016-01-28 14:41:25 +0100
commit: 991ccef69286551c56f1c7519f45dbeed82b6b52 (patch)
tree: e20aeb6d558a4bc95f0566ba61cea4b0bf612c62 /service/pixelated/config/site.py
parent: 36a9354b49062a8eb8c2737d8580f38d17391642 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/service/pixelated/config/site.py b/service/pixelated/config/site.py
index e28daf16..8806366a 100644
--- a/service/pixelated/config/site.py
+++ b/service/pixelated/config/site.py
@@ -8,6 +8,10 @@ class AddCSPHeaderRequest(Request):
         self.setHeader("Content-Security-Policy", self.HEADER_VALUES)
         self.setHeader("X-Content-Security-Policy", self.HEADER_VALUES)
         self.setHeader("X-Webkit-CSP", self.HEADER_VALUES)
+
+        if self.isSecure():
+            self.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains')
+
         Request.process(self)
author	Folker Bernitt <fbernitt@thoughtworks.com>	2016-01-28 14:41:25 +0100
committer	Folker Bernitt <fbernitt@thoughtworks.com>	2016-01-28 14:41:25 +0100
commit	991ccef69286551c56f1c7519f45dbeed82b6b52 (patch)
tree	e20aeb6d558a4bc95f0566ba61cea4b0bf612c62 /service/pixelated/config/site.py
parent	36a9354b49062a8eb8c2737d8580f38d17391642 (diff)