
Commit fccf4bb

committed
pr comments
1 parent c874f35 commit fccf4bb


3 files changed

+8
-14
lines changed


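--- a/coderd/httpmw/stricttransportsecurity.go
+++ b/coderd/httpmw/stricttransportsecurity.go
@@ -6,11 +6,6 @@ import (
 "time"
 )
 
-const (
-strictTransportSecurityHeader = "Strict-Transport-Security"
-strictTransportSecurityMaxAge = time.Hour * 24 * 365 // 1 year
-)
-
 // StrictTransportSecurity will add the strict-transport-security header if enabled.
 // This header forces a browser to always use https for the domain after it loads https
 // once.
@@ -23,12 +18,13 @@ const (
 // nolint:revive
 func StrictTransportSecurity(enable bool) func(next http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
-return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 if enable {
-w.Header().Set(strictTransportSecurityHeader, fmt.Sprintf("max-age=%d", int64(strictTransportSecurityMaxAge.Seconds())))
+age := time.Hour * 24 * 365 // 1 year
+rw.Header().Set("Strict-Transport-Security", fmt.Sprintf("max-age=%d", int64(age.Seconds())))
 }
 
-next.ServeHTTP(w, r)
+next.ServeHTTP(rw, r)
 })
 }
 }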
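Review bot: The header value is rebuilt on every request at new lines 23–24, although neither `age` nor the `fmt.Sprintf` result ever changes for a given middleware instance. Computing it once in the outer function, e.g. `hsts := fmt.Sprintf("max-age=%d", int64((365 * 24 * time.Hour).Seconds()))`, and then calling `rw.Header().Set("Strict-Transport-Security", hsts)` inside the handler avoids the per-request formatting. The policy also carries no `includeSubDomains` directive, so hosts under the domain are not covered by it. If that is deliberate, the doc comment on StrictTransportSecurity should say so; its middle lines fall between the two hunks, so I cannot tell whether it already does.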

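--- a/coderd/httpmw/stricttransportsecurity_test.go
+++ b/coderd/httpmw/stricttransportsecurity_test.go
@@ -13,14 +13,12 @@ import (
 "github.com/coder/coder/coderd/httpmw"
 )
 
-const (
-strictTransportSecurityHeader = "Strict-Transport-Security"
-strictTransportSecurityMaxAge = time.Hour * 24 * 365
-)
-
 func TestStrictTransportSecurity(t *testing.T) {
 t.Parallel()
 
+strictTransportSecurityHeader := "Strict-Transport-Security"
+strictTransportSecurityMaxAge := time.Hour * 24 * 365
+
 setup := func(enable bool) *http.Response {
 rw := httptest.NewRecorder()
 r := httptest.NewRequest("GET", "/", nil)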

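--- a/coderd/users.go
+++ b/coderd/users.go
@@ -417,7 +417,7 @@ func (api *api) postLogin(rw http.ResponseWriter, r *http.Request) {
 Path: "/",
 HttpOnly: true,
 SameSite: http.SameSiteLaxMode,
-Secure: api.SecureCookie,
+Secure: api.SecureAuthCookie,
 })
 
 render.Status(r, http.StatusCreated)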
