kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit 91c44af6f0241428f0cabfadb380787960758a7d
parent 1507f88ec79284d9adf917e1c9ae9de5ca0c493f
Author: Joris Vink <joris@coders.se>
Date:   Tue, 10 Feb 2015 17:14:07 +0100

Always include includeSubDomains for HSTS.

Diffstat:
src/http.c | 5+++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/http.c b/src/http.c @@ -1166,7 +1166,7 @@ http_response_spdy(struct http_request *req, struct connection *c, if (http_hsts_enable) { (void)snprintf(sbuf, sizeof(sbuf), - "max-age=%" PRIu64, http_hsts_enable); + "max-age=%" PRIu64 "; includeSubDomains", http_hsts_enable); spdy_header_block_add(hblock, ":strict-transport-security", sbuf); } @@ -1237,7 +1237,8 @@ http_response_normal(struct http_request *req, struct connection *c, if (http_hsts_enable) { kore_buf_appendf(header_buf, "strict-transport-security: "); - kore_buf_appendf(header_buf, "max-age=%" PRIu64 "\r\n", + kore_buf_appendf(header_buf, + "max-age=%" PRIu64 "; includeSubDomains\r\n", http_hsts_enable); }