3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-01 02:12:50 +02:00
Code Issues Projects Releases Packages Wiki Activity

core/config: disable strict-transport-security header with staging autocert (#4741)

Browse source
This commit is contained in:
Caleb Doxsey 2023-11-13 09:21:44 -07:00 committed by GitHub
parent 3ad72db2fb
commit cfc339548f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
config/options.go
View file

@ -1155,7 +1155,7 @@ func (o *Options) GetSetResponseHeadersForPolicy(policy *Policy) map[string]stri
hdrs[k] = v
}
if !o.HasCertificates() {
if !o.HasCertificates() || o.AutocertOptions.UseStaging {
delete(hdrs, "Strict-Transport-Security")
}
}

9
config/options_test.go
View file

@ -979,6 +979,15 @@ func TestOptions_GetSetResponseHeaders(t *testing.T) {
"X-XSS-Protection": "1; mode=block",
}, options.GetSetResponseHeaders())
})
t.Run("autocert-staging", func(t *testing.T) {
options := NewDefaultOptions()
options.Cert = "CERT"
options.AutocertOptions.UseStaging = true
assert.Equal(t, map[string]string{
"X-Frame-Options": "SAMEORIGIN",
"X-XSS-Protection": "1; mode=block",
}, options.GetSetResponseHeaders())
})
t.Run("disable", func(t *testing.T) {
options := NewDefaultOptions()
options.SetResponseHeaders = map[string]string{DisableHeaderKey: "1", "x-other": "xyz"}