From 557fd9ea187b1279b43ff63b94fedf2320aa3351 Mon Sep 17 00:00:00 2001
From: Daniel Schalla
Date: Tue, 16 Oct 2018 16:51:46 +0200
Subject: Set default ciphers, set tls 1.2 via config, set curve prefs (#9315)
Config Checks at StartUp Part1 Config Checks; Tests for TLS Server HSTS header implementation + tests make gofmt happy with new go version... make gofmt happy with new go version #2... fix logic bug fix typo Fix unnecessary code block
---
 web/handlers.go | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'web/handlers.go')
diff --git a/web/handlers.go b/web/handlers.go
index 71a43bc48..9b0705a5b 100644
--- a/web/handlers.go
+++ b/web/handlers.go
@@ -75,6 +75,10 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 w.Header().Set(model.HEADER_REQUEST_ID, c.RequestId)
 w.Header().Set(model.HEADER_VERSION_ID, fmt.Sprintf("%v.%v.%v.%v", model.CurrentVersion, model.BuildNumber, c.App.ClientConfigHash(), c.App.License() != nil))
+ if *c.App.Config().ServiceSettings.TLSStrictTransport {
+ w.Header().Set("Strict-Transport-Security", fmt.Sprintf("max-age=%d", *c.App.Config().ServiceSettings.TLSStrictTransportMaxAge))
+ }
+
 if h.IsStatic {
 // Instruct the browser not to display us in an iframe unless is the same origin for anti-clickjacking
 w.Header().Set("X-Frame-Options", "SAMEORIGIN")
-- cgit v1.2.3-1-g7c22
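Review bot: The new `Strict-Transport-Security` block in ServeHTTP emits the header whenever `TLSStrictTransport` is set, without checking that this response is actually served over TLS. RFC 6797 says the header should not be sent over plain HTTP and browsers ignore it there, so an operator who enables the flag without TLS gets a silent no-op. If the start-up config checks mentioned in the commit message do not already reject that combination, enforce it there or gate on the connection, e.g. `if r.TLS != nil && *cfg.TLSStrictTransport {`; note that deployments terminating TLS at a proxy would need a different test. Reading the settings once (`cfg := c.App.Config().ServiceSettings`) would also make the flag and the max-age come from the same config snapshot, and a short comment should state that both pointers rely on config defaults being populated and that a large max-age stays cached in browsers after TLS is turned off. ServeHTTP's body starts and ends outside this hunk.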