kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit b6570e10a9694cbc8f46f23a715425cd20ad06e7
parent cc276e247179fb59c0dcd530250dd72fb8dd2b80
Author: Frederic Cambus <fred@statdns.com>
Date:   Wed,  7 Apr 2021 11:57:45 +0200

Do not send the HSTS header if tls is not enabled in the server context.

Diffstat:
src/http.c | 2+-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/http.c b/src/http.c @@ -2138,7 +2138,7 @@ http_response_normal(struct http_request *req, struct connection *c, } } - if (http_hsts_enable) { + if (c->ssl && http_hsts_enable) { kore_buf_appendf(header_buf, "strict-transport-security: "); kore_buf_appendf(header_buf, "max-age=%" PRIu64 "; includeSubDomains\r\n",