
Add configuration option for Strict-Transport-Security

bel2125 8 年之前
当前提交
8fcb2e0266
共有 2 个文件被更改,包括 27 次插入6 次删除
  1. 12 0
      docs/UserManual.md
  2. 15 6
      src/civetweb.c

+ 12 - 0
docs/UserManual.md

@@ -473,6 +473,18 @@ This value should not exceed one year (RFC 2616, Section 14.21).
 A value of 0 will send "do not cache" headers for all static files.
 For values <0 and values >31622400, the behavior is undefined.
 
+### strict\_transport\_security\_max\_age
+
+Set the `Strict-Transport-Security` header, and set the `max-age` value.
+This instructs web browsers to interact with the server only using HTTPS,
+never by HTTP. If set, it will be sent for every request handled directly
+by the server, except scripts (CGI, Lua, ..) and callbacks. They must 
+send HTTP headers on their own.
+
+The time is specified in seconds. If this configuration is not set, 
+or set to -1, no `Strict-Transport-Security` header will be sent.
+For values <-1 and values >31622400, the behavior is undefined.
+
 ### decode\_url `yes`
 URL encoded request strings are decoded in the server, unless it is disabled
 by setting this option to `no`.

+ 15 - 6
src/civetweb.c

@@ -1893,6 +1893,9 @@ enum {
 #if !defined(NO_CACHING)
 	STATIC_FILE_MAX_AGE,
 #endif
+#if !defined(NO_SSL)
+	STRICT_HTTPS_MAX_AGE,
+#endif
 #if defined(__linux__)
 	ALLOW_SENDFILE_CALL,
 #endif
@@ -1983,6 +1986,9 @@ static struct mg_option config_options[] = {
 #if !defined(NO_CACHING)
     {"static_file_max_age", CONFIG_TYPE_NUMBER, "3600"},
 #endif
+#if !defined(NO_SSL)
+    {"strict_transport_security_max_age", CONFIG_TYPE_NUMBER, NULL},
+#endif
 #if defined(__linux__)
     {"allow_sendfile_call", CONFIG_TYPE_BOOLEAN, "yes"},
 #endif
@@ -3414,13 +3420,16 @@ static int
 send_additional_header(struct mg_connection *conn)
 {
 	int i = 0;
-	(void)conn;
 
-#if 0
-	/* TODO (Feature): Configure additional response header */
-	i += mg_printf(conn, "Strict-Transport-Security: max-age=%u\r\n", 3600);
-	i += mg_printf(conn, "X-Some-Test-Header: %u\r\n", 42);
-#endif
+	if (conn->ctx->config[STRICT_HTTPS_MAX_AGE]) {
+		int max_age = atoi(conn->ctx->config[STRICT_HTTPS_MAX_AGE]);
+		if (max_age >= 0) {
+			i += mg_printf(conn,
+			               "Strict-Transport-Security: max-age=%u\r\n",
+			               (unsigned)max_age);
+		}
+	}
+
 	return i;
 }
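Review bot: The new block in send_additional_header uses STRICT_HTTPS_MAX_AGE unconditionally, but the earlier hunks define that enum member and its config_options entry only under `#if !defined(NO_SSL)`, so a NO_SSL build of this file no longer compiles. Wrapping the block in the same guard, with `(void)conn;` in the `#else` branch as the removed line had, fixes that. Separately, `atoi` silently maps any non-numeric value to 0 and the code then emits `max-age=0`, which per RFC 6797 instructs browsers to discard a previously stored HSTS policy rather than "undefined behavior" as the manual text says; parsing with `strtol` and rejecting input that is not a complete non-negative number avoids that. RFC 6797 section 7.2 also says the header should only be sent over TLS (user agents must ignore it on plain HTTP), so if the connection object exposes a TLS flag, gating the header on it is worth considering; its name cannot be confirmed from this hunk.
```c
static int
send_additional_header(struct mg_connection *conn)
{
	int i = 0;

#if !defined(NO_SSL)
	/* HSTS max-age: only emitted for a complete, non-negative number;
	 * -1 (the documented "off" value) and garbage are both skipped. */
	const char *cfg = conn->ctx->config[STRICT_HTTPS_MAX_AGE];
	if (cfg) {
		char *end = NULL;
		long max_age = strtol(cfg, &end, 10);
		if (end != cfg && *end == '\0' && max_age >= 0) {
			i += mg_printf(conn,
			               "Strict-Transport-Security: max-age=%ld\r\n",
			               max_age);
		}
	}
#else
	(void)conn;
#endif

	return i;
}
```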