commit b6570e10a9694cbc8f46f23a715425cd20ad06e7
parent cc276e247179fb59c0dcd530250dd72fb8dd2b80
Author: Frederic Cambus <fred@statdns.com>
Date:   Wed,  7 Apr 2021 11:57:45 +0200
Do not send the HSTS header if tls is not enabled in the server context.
Diffstat:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/http.c b/src/http.c
@@ -2138,7 +2138,7 @@ http_response_normal(struct http_request *req, struct connection *c,
 		}
 	}
 
-	if (http_hsts_enable) {
+	if (c->ssl && http_hsts_enable) {
 		kore_buf_appendf(header_buf, "strict-transport-security: ");
 		kore_buf_appendf(header_buf,
 		    "max-age=%" PRIu64 "; includeSubDomains\r\n",
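Review bot: The new `c->ssl &&` guard on the HSTS block has no comment explaining why the header now depends on the connection's TLS state, and the commit message speaks of the server context while the code tests the connection. A short comment above the `if` would record the intent, e.g. `/* RFC 6797 section 7.2: never send HSTS over a non-secure transport. */`. The guard also has a deployment consequence worth stating where `http_hsts_enable` is documented: when TLS is terminated by a proxy in front of a server context with tls disabled, `c->ssl` is presumably NULL, so the header is no longer emitted and has to be set at the proxy instead. The HSTS block and the rest of `http_response_normal` continue outside this hunk, so whether `c` can ever be NULL on this path cannot be checked from here.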