
Commit 197b163

committed
pr comments
1 parent c6534f6 commit 197b163


3 files changed

+25
-25
lines changed


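--- a/cli/start.go
+++ b/cli/start.go
@@ -47,17 +47,17 @@ func start() *cobra.Command {
 dev bool
 postgresURL string
 // provisionerDaemonCount is a uint8 to ensure a number > 0.
-provisionerDaemonCount uint8
-tlsCertFile string
-tlsClientCAFile string
-tlsClientAuth string
-tlsEnable bool
-tlsKeyFile string
-tlsMinVersion string
-useTunnel bool
-traceDatadog bool
-hsts bool
-secureCookie bool
+provisionerDaemonCount uint8
+tlsCertFile string
+tlsClientCAFile string
+tlsClientAuth string
+tlsEnable bool
+tlsKeyFile string
+tlsMinVersion string
+useTunnel bool
+traceDatadog bool
+strictTransportSecurity bool
+secureCookie bool
 )
 root := &cobra.Command{
 Use: "start",
@@ -134,7 +134,7 @@ func start() *cobra.Command {
 Database: databasefake.New(),
 Pubsub: database.NewPubsubInMemory(),
 GoogleTokenValidator: validator,
-HSTS: hsts,
+HSTS: strictTransportSecurity,
 SecureCookie: secureCookie,
 }
 
@@ -338,7 +338,7 @@ func start() *cobra.Command {
 cliflag.BoolVarP(root.Flags(), &useTunnel, "tunnel", "", "CODER_DEV_TUNNEL", true, "Serve dev mode through a Cloudflare Tunnel for easy setup")
 _ = root.Flags().MarkHidden("tunnel")
 cliflag.BoolVarP(root.Flags(), &traceDatadog, "trace-datadog", "", "CODER_TRACE_DATADOG", false, "Send tracing data to a datadog agent")
-cliflag.BoolVarP(root.Flags(), &hsts, "hsts", "", "CODER_HSTS", false, "Set the 'strict-transport-security' header on http responses")
+cliflag.BoolVarP(root.Flags(), &strictTransportSecurity, "strict-transport-security", "", "CODER_STRICT_TRANSPORT_SECURITY", false, "Set the 'strict-transport-security' header on http responses")
 cliflag.BoolVarP(root.Flags(), &secureCookie, "secure-cookie", "", "CODER_SECURE_COOKIE", false, "Set the 'Secure' property on browser session cookies")
 
 return root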
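Review bot: Renaming the flag and its environment variable in the last hunk (`--hsts` / `CODER_HSTS` to `--strict-transport-security` / `CODER_STRICT_TRANSPORT_SECURITY`) leaves no alias for the old names, so a deployment that still exports `CODER_HSTS=true` would presumably start without the header and without any warning. If the old names were ever shipped, keep them as hidden, deprecated aliases for a release, or fail startup when `CODER_HSTS` is set, so the security header cannot disappear silently on upgrade. The options field in the second hunk is still `HSTS: strictTransportSecurity`, which leaves the rename half-done. The body of start() extends beyond all three hunks.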

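--- a/coderd/httpmw/hsts.go
+++ b/coderd/httpmw/hsts.go
@@ -7,25 +7,25 @@ import (
 )
 
 const (
-HSTSHeader = "Strict-Transport-Security"
-HSTSMaxAge = time.Hour * 24 * 365 // 1 year
+StrictTransportSecurityHeader = "Strict-Transport-Security"
+StrictTransportSecurityMaxAge = time.Hour * 24 * 365 // 1 year
 )
 
-// HSTS will add the strict-transport-security header if enabled.
+// StrictTransportSecurity will add the strict-transport-security header if enabled.
 // This header forces a browser to always use https for the domain after it loads https
 // once.
 // Meaning: On first load of product.coder.com, they are redirected to https.
 // On all subsequent loads, the client's local browser forces https. This prevents man in the middle.
 //
 // This header only makes sense if the app is using tls.
 // Full header example
-// Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+// Strict-Transport-Security: max-age=63072000;
 // nolint:revive
-func HSTS(enable bool) func(next http.Handler) http.Handler {
+func StrictTransportSecurity(enable bool) func(next http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 if enable {
-w.Header().Set(HSTSHeader, fmt.Sprintf("max-age=%d", int64(HSTSMaxAge)))
+w.Header().Set(StrictTransportSecurityHeader, fmt.Sprintf("max-age=%d", int64(StrictTransportSecurityMaxAge.Seconds())))
 }
 
 next.ServeHTTP(w, r)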
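Review bot: The middleware sets the header on every response whenever `enable` is true, and nothing visible here ties that to TLS being in use, although the doc comment itself says the header only makes sense with TLS. RFC 6797 says the header must not be sent over non-secure transport, and browsers ignore it there, so an operator can turn the flag on and get no protection. I would state the precondition in the doc comment, e.g. `// Enable only when the deployment is served over https, directly or behind a TLS-terminating proxy.`, and have the caller at least warn when the flag is set while TLS is off. The example line still reads `max-age=63072000;` while the code emits one year, so it should be `// Strict-Transport-Security: max-age=31536000`. The closing lines of the function fall outside the hunk.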

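--- a/coderd/httpmw/hsts_test.go
+++ b/coderd/httpmw/hsts_test.go
@@ -6,21 +6,20 @@ import (
 "net/http/httptest"
 "testing"
 
+"github.com/coder/coder/coderd/httpmw"
 "github.com/go-chi/chi/v5"
 "github.com/stretchr/testify/require"
-
-"github.com/coder/coder/coderd/httpmw"
 )
 
-func TestHSTS(t *testing.T) {
+func TestStrictTransportSecurity(t *testing.T) {
 t.Parallel()
 
 setup := func(enable bool) *http.Response {
 rw := httptest.NewRecorder()
 r := httptest.NewRequest("GET", "/", nil)
 
 rtr := chi.NewRouter()
-rtr.Use(httpmw.HSTS(enable))
+rtr.Use(httpmw.StrictTransportSecurity(enable))
 rtr.Get("/", func(w http.ResponseWriter, r *http.Request) {
 _, _ = w.Write([]byte("hello!"))
 })
@@ -33,13 +32,14 @@ func TestHSTS(t *testing.T) {
 
 res := setup(true)
 defer res.Body.Close()
-require.Contains(t, res.Header.Get(httpmw.HSTSHeader), fmt.Sprintf("max-age=%d", int64(httpmw.HSTSMaxAge)))
+require.Contains(t, res.Header.Get(httpmw.StrictTransportSecurityHeader), fmt.Sprintf("max-age=%d", int64(httpmw.StrictTransportSecurityMaxAge)))
 })
 t.Run("False", func(t *testing.T) {
 t.Parallel()
 
 res := setup(false)
 defer res.Body.Close()
-require.NotContains(t, res.Header.Get(httpmw.HSTSHeader), fmt.Sprintf("max-age=%d", int64(httpmw.HSTSMaxAge)))
+require.NotContains(t, res.Header.Get(httpmw.StrictTransportSecurityHeader), fmt.Sprintf("max-age=%d", int64(httpmw.StrictTransportSecurityMaxAge)))
+require.Equal(t, res.Header.Get(httpmw.StrictTransportSecurityHeader), "")
 })
 }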
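Review bot: The expected string in the `True` subtest is still built from `int64(httpmw.StrictTransportSecurityMaxAge)`, which is the duration in nanoseconds, while the middleware in coderd/httpmw/hsts.go now formats `.Seconds()`. As written, `require.Contains` would look for `max-age=31536000000000000` inside `max-age=31536000` and fail. Use `fmt.Sprintf("max-age=%d", int64(httpmw.StrictTransportSecurityMaxAge.Seconds()))` there and in the `NotContains` line of the `False` subtest, which otherwise checks for a string the middleware can never emit. The new `require.Equal` also passes the actual value first; testify expects `require.Equal(t, "", res.Header.Get(httpmw.StrictTransportSecurityHeader))`. The part of the test between the two hunks is not shown.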
