
Add configuration option for Strict-Transport-Security

bel2125 8 vuotta sitten
8fcb2e0266
2 muutettua tiedostoa jossa 27 lisäystä ja 6 poistoa
  1. 12 0
      docs/UserManual.md
  2. 15 6
      src/civetweb.c

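--- a/docs/UserManual.md
+++ b/docs/UserManual.md
@@ -473,6 +473,18 @@ This value should not exceed one year (RFC 2616, Section 14.21).
 A value of 0 will send "do not cache" headers for all static files.
 For values <0 and values >31622400, the behavior is undefined.
 
+### strict\_transport\_security\_max\_age
+
+Set the `Strict-Transport-Security` header, and set the `max-age` value.
+This instructs web browsers to interact with the server only using HTTPS,
+never by HTTP. If set, it will be sent for every request handled directly
+by the server, except scripts (CGI, Lua, ..) and callbacks. They must 
+send HTTP headers on their own.
+
+The time is specified in seconds. If this configuration is not set, 
+or set to -1, no `Strict-Transport-Security` header will be sent.
+For values <-1 and values >31622400, the behavior is undefined.
+
 ### decode\_url `yes`
 URL encoded request strings are decoded in the server, unless it is disabled
 by setting this option to `no`.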
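--- a/src/civetweb.c
+++ b/src/civetweb.c
@@ -1893,6 +1893,9 @@ enum {
 #if !defined(NO_CACHING)
 	STATIC_FILE_MAX_AGE,
 #endif
+#if !defined(NO_SSL)
+	STRICT_HTTPS_MAX_AGE,
+#endif
 #if defined(__linux__)
 	ALLOW_SENDFILE_CALL,
 #endif
@@ -1983,6 +1986,9 @@ static struct mg_option config_options[] = {
 #if !defined(NO_CACHING)
     {"static_file_max_age", CONFIG_TYPE_NUMBER, "3600"},
 #endif
+#if !defined(NO_SSL)
+    {"strict_transport_security_max_age", CONFIG_TYPE_NUMBER, NULL},
+#endif
 #if defined(__linux__)
     {"allow_sendfile_call", CONFIG_TYPE_BOOLEAN, "yes"},
 #endif
@@ -3414,13 +3420,16 @@ static int
 send_additional_header(struct mg_connection *conn)
 {
 	int i = 0;
-	(void)conn;
 
-#if 0
-	/* TODO (Feature): Configure additional response header */
-	i += mg_printf(conn, "Strict-Transport-Security: max-age=%u\r\n", 3600);
-	i += mg_printf(conn, "X-Some-Test-Header: %u\r\n", 42);
-#endif
+	if (conn->ctx->config[STRICT_HTTPS_MAX_AGE]) {
+		int max_age = atoi(conn->ctx->config[STRICT_HTTPS_MAX_AGE]);
+		if (max_age >= 0) {
+			i += mg_printf(conn,
+			               "Strict-Transport-Security: max-age=%u\r\n",
+			               (unsigned)max_age);
+		}
+	}
+
 	return i;
 }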
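Review bot: The lookup `conn->ctx->config[STRICT_HTTPS_MAX_AGE]` in the third hunk is unconditional, while the enum value and the config_options entry added in the first two hunks exist only under `#if !defined(NO_SSL)`, so a NO_SSL build will fail to compile unless send_additional_header itself already sits inside such a guard, which the hunk does not show; wrapping the new block in `#if !defined(NO_SSL)` before the `if` and `#endif` after its closing brace keeps the three hunks consistent. Parsing with `atoi` also turns an empty or unparseable value into 0 and thus emits `max-age=0`, which browsers treat as an instruction to discard a previously stored HSTS policy for the host; `strtol` with an end-pointer check (rejecting trailing garbage) would let the server refuse such a value instead, unless CONFIG_TYPE_NUMBER options are validated elsewhere at startup. The function's `static int` return-type line is just above the hunk.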