Merge pull request #4294 from magfest/hsts_header
Adding HSTS header support
bitbyt3r authored Nov 29, 2023
2 parents 5d00983 + f0b7663 commit 3cce3fb
Showing 3 changed files with 21 additions and 0 deletions.
1 change: 1 addition & 0 deletions uber/config.py
Expand Up @@ -1123,6 +1123,7 @@ def _unrepr(d):
_unrepr(_config['appconf'])
c.APPCONF = _config['appconf'].dict()
c.SENTRY = _config['sentry'].dict()
c.HSTS = _config['hsts'].dict()
c.REDISCONF = _config['redis'].dict()
c.REDIS_PREFIX = c.REDISCONF['prefix']
c.REDIS_STORE = redis.Redis(host=c.REDISCONF['host'], port=c.REDISCONF['port'], db=c.REDISCONF['db'], decode_responses=True)
6 changes: 6 additions & 0 deletions uber/configspec.ini
Expand Up @@ -1881,13 +1881,19 @@ port = integer(default=6379)
db = integer(default=0)
prefix = string(default="")

[hsts]
max_age = integer(default=31536000)
preload = boolean(default=False)
include_subdomains = boolean(default=False)

[appconf]
# This is all CherryPy configuration.

[[/]]
tools.add_email_to_error_page.on = boolean(default=True)
tools.sentry_end_transaction.on = boolean(default=False)
tools.sentry_start_transaction.on = boolean(default=False)
tools.secureheaders.on = boolean(default=False)

# custom logging output:
# turn off normal traceback and header logging on errors, instead use our custom verbose logger that prints more info
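Review bot: The new `[hsts]` section documents none of the coupling that makes the values take effect: they are only emitted when `tools.secureheaders.on` (defaulting to False a few lines below) is enabled, and `preload` is dropped at runtime unless `max_age` is at least 31536000 and `include_subdomains` is True. A short comment above `max_age` would save operators a round trip through server.py, e.g. `# Only sent when tools.secureheaders.on is True; preload requires max_age >= 31536000 and include_subdomains = True`. Consider also noting that max_age is in seconds, since the other integer options in this file are ports and counts.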
14 changes: 14 additions & 0 deletions uber/server.py
Expand Up @@ -46,6 +46,20 @@ def sentry_end_transaction():
cherrypy.request.sentry_transaction.__exit__(None, None, None)
cherrypy.tools.sentry_end_transaction = cherrypy.Tool('on_end_request', sentry_end_transaction)

@cherrypy.tools.register('before_finalize', priority=60)
def secureheaders():
headers = cherrypy.response.headers
hsts_header = 'max-age=' + str(c.HSTS['max_age'])
if c.HSTS['include_subdomains']:
hsts_header += '; includeSubDomains'
if c.HSTS['preload']:
if c.HSTS['max_age'] < 31536000:
log.error('HSTS only supports preloading if max-age > 31536000')
elif not c.HSTS['include_subdomains']:
log.error('HSTS only supports preloading if subdomains are included')
else:
hsts_header += '; preload'
headers['Strict-Transport-Security'] = hsts_header

def _add_email():
[body] = cherrypy.response.body
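Review bot: The preload check and its message disagree: `if c.HSTS['max_age'] < 31536000` lets a value of exactly 31536000 through, but the log line says `> 31536000`; the message should read `'HSTS only supports preloading if max-age >= 31536000'` (the preload list requires at least one year, so the check is the correct half). Because secureheaders runs on before_finalize, both log.error branches fire on every response while the config is inconsistent, which floods the log; validating the three HSTS options once at config load, or computing hsts_header once at import time, would keep the per-request path free of logging. The header is also attached to every response regardless of transport, whereas RFC 6797 says Strict-Transport-Security is only meaningful on responses sent over TLS; if this app can be reached over plain HTTP (or sits behind a proxy), gating on the request scheme or the proxy header the deployment trusts seems worth considering. A one-line docstring such as `"""Emit a Strict-Transport-Security header built from the [hsts] config section."""` would also help, and `log` is not visible in this hunk, so its origin should be confirmed. secureheaders is contained entirely within the hunk.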
