diff options
Diffstat (limited to 'web/handlers.go')
| -rw-r--r-- | web/handlers.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/web/handlers.go b/web/handlers.go index 71a43bc48..9b0705a5b 100644 --- a/web/handlers.go +++ b/web/handlers.go @@ -75,6 +75,10 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { w.Header().Set(model.HEADER_REQUEST_ID, c.RequestId) w.Header().Set(model.HEADER_VERSION_ID, fmt.Sprintf("%v.%v.%v.%v", model.CurrentVersion, model.BuildNumber, c.App.ClientConfigHash(), c.App.License() != nil)) + if *c.App.Config().ServiceSettings.TLSStrictTransport { + w.Header().Set("Strict-Transport-Security", fmt.Sprintf("max-age=%d", *c.App.Config().ServiceSettings.TLSStrictTransportMaxAge)) + } + if h.IsStatic { // Instruct the browser not to display us in an iframe unless is the same origin for anti-clickjacking w.Header().Set("X-Frame-Options", "SAMEORIGIN") |