Add Strict-Transport-Security header to user agent

- Issue #584
author: Folker Bernitt <fbernitt@thoughtworks.com> 2016-01-28 14:41:25 +0100
committer: Folker Bernitt <fbernitt@thoughtworks.com> 2016-01-28 14:41:25 +0100
commit: 991ccef69286551c56f1c7519f45dbeed82b6b52 (patch)
tree: e20aeb6d558a4bc95f0566ba61cea4b0bf612c62 /service/test/unit/config
parent: 36a9354b49062a8eb8c2737d8580f38d17391642 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/service/test/unit/config/test_site.py b/service/test/unit/config/test_site.py
index 1858bfaf..83464e89 100644
--- a/service/test/unit/config/test_site.py
+++ b/service/test/unit/config/test_site.py
@@ -15,6 +15,23 @@ class TestPixelatedSite(unittest.TestCase):
         self.assertEqual(headers.get("X-Content-Security-Policy"), header_value)
         self.assertEqual(headers.get("X-Webkit-CSP"), header_value)
 
+    def test_add_strict_transport_security_header_if_secure(self):
+        request = self.create_request()
+        request._forceSSL = True
+
+        request.process()
+
+        headers = request.headers
+        self.assertEqual('max-age=31536000; includeSubDomains', headers.get('Strict-Transport-Security'))
+
+    def test_does_not_add_strict_transport_security_header_if_plain_http(self):
+        request = self.create_request()
+
+        request.process()
+
+        headers = request.headers
+        self.assertFalse('Strict-Transport-Security' in headers)
+
     def create_request(self):
         channel = LineReceiver()
         channel.site = PixelatedSite(mock())
author	Folker Bernitt <fbernitt@thoughtworks.com>	2016-01-28 14:41:25 +0100
committer	Folker Bernitt <fbernitt@thoughtworks.com>	2016-01-28 14:41:25 +0100
commit	991ccef69286551c56f1c7519f45dbeed82b6b52 (patch)
tree	e20aeb6d558a4bc95f0566ba61cea4b0bf612c62 /service/test/unit/config
parent	36a9354b49062a8eb8c2737d8580f38d17391642 (diff)