From 991ccef69286551c56f1c7519f45dbeed82b6b52 Mon Sep 17 00:00:00 2001
From: Folker Bernitt <fbernitt@thoughtworks.com>
Date: Thu, 28 Jan 2016 14:41:25 +0100
Subject: Add Strict-Transport-Security header to user agent

- Issue #584
---
 service/pixelated/config/site.py | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'service/pixelated/config/site.py')

diff --git a/service/pixelated/config/site.py b/service/pixelated/config/site.py
index e28daf16..8806366a 100644
--- a/service/pixelated/config/site.py
+++ b/service/pixelated/config/site.py
@@ -8,6 +8,10 @@ class AddCSPHeaderRequest(Request):
         self.setHeader("Content-Security-Policy", self.HEADER_VALUES)
         self.setHeader("X-Content-Security-Policy", self.HEADER_VALUES)
         self.setHeader("X-Webkit-CSP", self.HEADER_VALUES)
+
+        if self.isSecure():
+            self.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains')
+
         Request.process(self)
 
 
-- 
cgit v1.2.3