From a5218b38a6e9f1b4b1e290b4559b13c3e10fdd40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Krier?= <ced@b2ck.com>
Date: Mon, 9 Feb 2015 19:53:52 +0100
Subject: [PATCH] Add STS header when TLS

---
 server/middleware/header.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/server/middleware/header.go b/server/middleware/header.go
index dbb60873d..08920bee8 100644
--- a/server/middleware/header.go
+++ b/server/middleware/header.go
@@ -22,6 +22,9 @@ func SetHeaders(c *web.C, h http.Handler) http.Handler {
 		w.Header().Add("Cache-Control", "value")
 		w.Header().Set("Last-Modified", time.Now().UTC().Format(http.TimeFormat))
 		w.Header().Set("Expires", "Thu, 01 Jan 1970 00:00:00 GMT")
+		if (r.TLS != nil) {
+			w.Header().Add("Strict-Transport-Security", "max-age=31536000")
+		}
 		h.ServeHTTP(w, r)
 	}
 	return http.HandlerFunc(fn)