app: set Strict-Transport-Security header
Change-Id: I4bae73fe75309a0c631b8c283e8539878aa35d30
Reviewed-on: https://go-review.googlesource.com/22702
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
diff --git a/app/goplay/compile.go b/app/goplay/compile.go
index be1e3e7..f5bed89 100644
--- a/app/goplay/compile.go
+++ b/app/goplay/compile.go
@@ -16,7 +16,7 @@
const runUrl = "http://golang.org/compile?output=json"
func init() {
- http.HandleFunc("/compile", compile)
+ http.Handle("/compile", hstsHandler(compile))
}
func compile(w http.ResponseWriter, r *http.Request) {
diff --git a/app/goplay/edit.go b/app/goplay/edit.go
index ce29a78..c7e2cbb 100644
--- a/app/goplay/edit.go
+++ b/app/goplay/edit.go
@@ -16,7 +16,7 @@
const hostname = "play.golang.org"
func init() {
- http.HandleFunc("/", edit)
+ http.Handle("/", hstsHandler(edit))
}
var editTemplate = template.Must(template.ParseFiles("goplay/edit.html"))
diff --git a/app/goplay/fmt.go b/app/goplay/fmt.go
index a862343..b6842f3 100644
--- a/app/goplay/fmt.go
+++ b/app/goplay/fmt.go
@@ -13,7 +13,7 @@
)
func init() {
- http.HandleFunc("/fmt", fmtHandler)
+ http.Handle("/fmt", hstsHandler(fmtHandler))
}
type fmtResponse struct {
diff --git a/app/goplay/hsts.go b/app/goplay/hsts.go
new file mode 100644
index 0000000..c0927d2
--- /dev/null
+++ b/app/goplay/hsts.go
@@ -0,0 +1,15 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package goplay
+
+import "net/http"
+
+// hstsHandler wraps an http.HandlerFunc such that it sets the HSTS header.
+func hstsHandler(fn http.HandlerFunc) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ w.Header().Set("Strict-Transport-Security", "max-age=31536000; preload")
+ fn(w, r)
+ })
+}
diff --git a/app/goplay/play.go b/app/goplay/play.go
index b8257f1..e4c6c54 100644
--- a/app/goplay/play.go
+++ b/app/goplay/play.go
@@ -12,7 +12,7 @@
)
func init() {
- http.HandleFunc("/playground.js", play)
+ http.Handle("/playground.js", hstsHandler(play))
}
func play(w http.ResponseWriter, r *http.Request) {
diff --git a/app/goplay/share.go b/app/goplay/share.go
index 72fca10..fc0fe3e 100644
--- a/app/goplay/share.go
+++ b/app/goplay/share.go
@@ -35,7 +35,7 @@
}
func init() {
- http.HandleFunc("/share", share)
+ http.Handle("/share", hstsHandler(share))
}
func share(w http.ResponseWriter, r *http.Request) {