feat: 合并Gin_Vue
This commit is contained in:
TsMask
37
src/framework/middleware/security/hsts.go
Normal file
37
src/framework/middleware/security/hsts.go
Normal file
@@ -0,0 +1,37 @@
|
||||
package security
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"ems.agt/src/framework/config"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
// hsts 是一个安全功能 HTTP Strict Transport Security(通常简称为 HSTS )
|
||||
// 它告诉浏览器只能通过 HTTPS 访问当前资源,而不是 HTTP。
|
||||
func hsts(c *gin.Context) {
|
||||
enable := false
|
||||
if v := config.Get("security.hsts.enable"); v != nil {
|
||||
enable = v.(bool)
|
||||
}
|
||||
|
||||
maxAge := 365 * 24 * 3600
|
||||
if v := config.Get("security.hsts.maxAge"); v != nil {
|
||||
maxAge = v.(int)
|
||||
}
|
||||
|
||||
includeSubdomains := false
|
||||
if v := config.Get("security.hsts.includeSubdomains"); v != nil {
|
||||
includeSubdomains = v.(bool)
|
||||
}
|
||||
|
||||
str := fmt.Sprintf("max-age=%d", maxAge)
|
||||
if includeSubdomains {
|
||||
str += "; includeSubdomains"
|
||||
}
|
||||
|
||||
if enable {
|
||||
c.Header("strict-transport-security", str)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user