gddo-server: Remove https redirect for "godoc.org" domain
With the move of godoc.org to app engine, the TLS is being stripped
before it hits the gddo-server. This causes an infinite redirect as it
continuously tries to redirect to https even though https is already
being used.
HSTS headers were also removed. Strict TLS is really not needed for
this site. It is a security feature unlikely to provide much security
while at the same time getting in the way if we ever need to host
godoc.org in a non-https enviornment.
Change-Id: Id6f7fd2e1675320ec322077c19834bf4c135ffee
Reviewed-on: https://go-review.googlesource.com/21454
Reviewed-by: Andrew Gerrand <adg@golang.org>
diff --git a/gddo-server/main.go b/gddo-server/main.go
index 237ccf1..0105793 100644
--- a/gddo-server/main.go
+++ b/gddo-server/main.go
@@ -18,7 +18,6 @@
"html/template"
"io"
"log"
- "net"
"net/http"
"os"
"path"
@@ -779,23 +778,6 @@
}
func (m rootHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
- host := req.Host
- if h, _, err := net.SplitHostPort(host); err == nil {
- host = h
- }
- if host == "godoc.org" {
- if req.Header.Get("X-Scheme") != "https" {
- u := *req.URL
- u.Scheme = "https"
- u.Host = host
- http.Redirect(resp, req, u.String(), http.StatusFound)
- return
- }
- // Because https is not used api.godoc.org, the includeSubDomains
- // parameter is not used here.
- resp.Header().Add("Strict-Transport-Security", "max-age=631138519; preload")
- }
-
var h http.Handler
for _, ph := range m {
if strings.HasPrefix(req.Host, ph.prefix) {
