Merge pull request #325 from garyburd/redir
Enforce HTTPS on godoc.org
diff --git a/gddo-server/main.go b/gddo-server/main.go
index 464deb5..eea3e12 100644
--- a/gddo-server/main.go
+++ b/gddo-server/main.go
@@ -18,6 +18,7 @@
"html/template"
"io"
"log"
+ "net"
"net/http"
"os"
"path"
@@ -764,12 +765,29 @@
json.NewEncoder(resp).Encode(&data)
}
-type hostMux []struct {
+type rootHandler []struct {
prefix string
h http.Handler
}
-func (m hostMux) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
+func (m rootHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
+ host := req.Host
+ if h, _, err := net.SplitHostPort(host); err == nil {
+ host = h
+ }
+ if host == "godoc.org" {
+ if req.Header.Get("X-Scheme") != "https" {
+ u := *req.URL
+ u.Scheme = "https"
+ u.Host = host
+ http.Redirect(resp, req, u.String(), http.StatusFound)
+ return
+ }
+ // Because https is not used api.godoc.org, the includeSubDomains
+ // parameter is not used here.
+ resp.Header().Add("Strict-Transport-Security", "max-age=631138519; preload")
+ }
+
var h http.Handler
for _, ph := range m {
if strings.HasPrefix(req.Host, ph.prefix) {
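Review bot: The HTTPS check `req.Header.Get("X-Scheme") != "https"` depends on a request header that is presumably set by a TLS-terminating proxy in front of this server, and nothing in the hunk documents that dependency. If the proxy omits the header, every godoc.org request is redirected in a loop, and if it passes a client-supplied value through, the check reflects what the client claims rather than how the connection arrived. I would add a comment above it such as `// X-Scheme is set by the front-end proxy, which must overwrite any client-supplied value.` Separately, `host == "godoc.org"` is case-sensitive, so a Host header in another case skips both the redirect and the HSTS header; `strings.EqualFold(host, "godoc.org")` would cover that. The `preload` token also has no practical effect without `includeSubDomains`, which the browser preload list requires, so the comment should say so or the token should be dropped; ServeHTTP's body continues past the end of this hunk.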
@@ -777,6 +795,7 @@
break
}
}
+
h.ServeHTTP(resp, req)
}
@@ -902,7 +921,7 @@
cacheBusters.Handler = mux
- if err := http.ListenAndServe(*httpAddr, hostMux{{"api.", apiMux}, {"", mux}}); err != nil {
+ if err := http.ListenAndServe(*httpAddr, rootHandler{{"api.", apiMux}, {"", mux}}); err != nil {
log.Fatal(err)
}
}