OMC/be.ems
1
0
Fork 0
Code Issues Releases 3 Activity
Files
356771828a082b7a52ffd8b8ab1c010337ac695f
be.ems/src/framework/middleware/security/hsts.go
TsMask 40a32cb67f feat: 合并Gin_Vue
2023-10-16 17:10:38 +08:00

38 lines
791 B
Go
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
package security
import (
"fmt"
"ems.agt/src/framework/config"
"github.com/gin-gonic/gin"
)
// hsts 是一个安全功能 HTTP Strict Transport Security通常简称为 HSTS
// 它告诉浏览器只能通过 HTTPS 访问当前资源,而不是 HTTP。
func hsts(c *gin.Context) {
enable := false
if v := config.Get("security.hsts.enable"); v != nil {
enable = v.(bool)
}
maxAge := 365 * 24 * 3600
if v := config.Get("security.hsts.maxAge"); v != nil {
maxAge = v.(int)
}
includeSubdomains := false
if v := config.Get("security.hsts.includeSubdomains"); v != nil {
includeSubdomains = v.(bool)
}
str := fmt.Sprintf("max-age=%d", maxAge)
if includeSubdomains {
str += "; includeSubdomains"
}
if enable {
c.Header("strict-transport-security", str)
}
}
Reference in New Issue View Git Blame Copy Permalink