
Commit fccf4bb

committedMar 31, 2022
pr comments
1 parent c874f35 commit fccf4bb


3 files changed

+8
-14
lines changed


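--- a/coderd/httpmw/stricttransportsecurity.go
+++ b/coderd/httpmw/stricttransportsecurity.go
@@ -6,11 +6,6 @@ import (
 "time"
 )
 
-const (
-strictTransportSecurityHeader = "Strict-Transport-Security"
-strictTransportSecurityMaxAge = time.Hour * 24 * 365 // 1 year
-)
-
 // StrictTransportSecurity will add the strict-transport-security header if enabled.
 // This header forces a browser to always use https for the domain after it loads https
 // once.
@@ -23,12 +18,13 @@ const (
 // nolint:revive
 func StrictTransportSecurity(enable bool) func(next http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
-return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 if enable {
-w.Header().Set(strictTransportSecurityHeader, fmt.Sprintf("max-age=%d", int64(strictTransportSecurityMaxAge.Seconds())))
+age := time.Hour * 24 * 365 // 1 year
+rw.Header().Set("Strict-Transport-Security", fmt.Sprintf("max-age=%d", int64(age.Seconds())))
 }
 
-next.ServeHTTP(w, r)
+next.ServeHTTP(rw, r)
 })
 }
 }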
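Review bot: The Strict-Transport-Security value is now rebuilt on every request, because `age` and the `fmt.Sprintf` call sit inside the handler closure although the result never changes. Computing it once in the outer function, e.g. `hsts := fmt.Sprintf("max-age=%d", int64((365 * 24 * time.Hour).Seconds()))` before `return func(next http.Handler) http.Handler {`, and then calling `rw.Header().Set("Strict-Transport-Security", hsts)` keeps the per-request path free of formatting work. With the package constants removed, the test file carries its own copy of the header name and max-age, so a short comment here stating the intended policy (one year, no `includeSubDomains`) would help keep the two from drifting. The header is also set whether or not the request arrived over TLS; this hunk does not show if `enable` is only true for HTTPS deployments, so that assumption is worth recording in the function's doc comment.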

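--- a/coderd/httpmw/stricttransportsecurity_test.go
+++ b/coderd/httpmw/stricttransportsecurity_test.go
@@ -13,14 +13,12 @@ import (
 "github.com/coder/coder/coderd/httpmw"
 )
 
-const (
-strictTransportSecurityHeader = "Strict-Transport-Security"
-strictTransportSecurityMaxAge = time.Hour * 24 * 365
-)
-
 func TestStrictTransportSecurity(t *testing.T) {
 t.Parallel()
 
+strictTransportSecurityHeader := "Strict-Transport-Security"
+strictTransportSecurityMaxAge := time.Hour * 24 * 365
+
 setup := func(enable bool) *http.Response {
 rw := httptest.NewRecorder()
 r := httptest.NewRequest("GET", "/", nil)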

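--- a/coderd/users.go
+++ b/coderd/users.go
@@ -417,7 +417,7 @@ func (api *api) postLogin(rw http.ResponseWriter, r *http.Request) {
 Path: "/",
 HttpOnly: true,
 SameSite: http.SameSiteLaxMode,
-Secure: api.SecureCookie,
+Secure: api.SecureAuthCookie,
 })
 
 render.Status(r, http.StatusCreated)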
