diff options
author | Folker Bernitt <fbernitt@thoughtworks.com> | 2016-01-28 14:41:25 +0100 |
---|---|---|
committer | Folker Bernitt <fbernitt@thoughtworks.com> | 2016-01-28 14:41:25 +0100 |
commit | 991ccef69286551c56f1c7519f45dbeed82b6b52 (patch) | |
tree | e20aeb6d558a4bc95f0566ba61cea4b0bf612c62 /service | |
parent | 36a9354b49062a8eb8c2737d8580f38d17391642 (diff) |
Add Strict-Transport-Security header to user agent
- Issue #584
Diffstat (limited to 'service')
-rw-r--r-- | service/pixelated/config/site.py | 4 | ||||
-rw-r--r-- | service/test/unit/config/test_site.py | 17 |
2 files changed, 21 insertions, 0 deletions
diff --git a/service/pixelated/config/site.py b/service/pixelated/config/site.py index e28daf16..8806366a 100644 --- a/service/pixelated/config/site.py +++ b/service/pixelated/config/site.py @@ -8,6 +8,10 @@ class AddCSPHeaderRequest(Request): self.setHeader("Content-Security-Policy", self.HEADER_VALUES) self.setHeader("X-Content-Security-Policy", self.HEADER_VALUES) self.setHeader("X-Webkit-CSP", self.HEADER_VALUES) + + if self.isSecure(): + self.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains') + Request.process(self) diff --git a/service/test/unit/config/test_site.py b/service/test/unit/config/test_site.py index 1858bfaf..83464e89 100644 --- a/service/test/unit/config/test_site.py +++ b/service/test/unit/config/test_site.py @@ -15,6 +15,23 @@ class TestPixelatedSite(unittest.TestCase): self.assertEqual(headers.get("X-Content-Security-Policy"), header_value) self.assertEqual(headers.get("X-Webkit-CSP"), header_value) + def test_add_strict_transport_security_header_if_secure(self): + request = self.create_request() + request._forceSSL = True + + request.process() + + headers = request.headers + self.assertEqual('max-age=31536000; includeSubDomains', headers.get('Strict-Transport-Security')) + + def test_does_not_add_strict_transport_security_header_if_plain_http(self): + request = self.create_request() + + request.process() + + headers = request.headers + self.assertFalse('Strict-Transport-Security' in headers) + def create_request(self): channel = LineReceiver() channel.site = PixelatedSite(mock()) |