diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl index d58be2880..c71257bcb 100644 --- a/rootfs/etc/nginx/template/nginx.tmpl +++ b/rootfs/etc/nginx/template/nginx.tmpl @@ -629,6 +629,11 @@ http { {{ end }} } + header_filter_by_lua_block { + lua_ingress.header() + plugins.run() + } + return {{ $all.Cfg.HTTPRedirectCode }} $redirect_to; } ## end server {{ $redirect.From }} diff --git a/test/e2e/annotations/fromtowwwredirect.go b/test/e2e/annotations/fromtowwwredirect.go index b69cce93e..3a72778dd 100644 --- a/test/e2e/annotations/fromtowwwredirect.go +++ b/test/e2e/annotations/fromtowwwredirect.go @@ -120,5 +120,16 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() { Expect(). Status(http.StatusOK). Header("ExpectedHost").Equal(fromHost) + + ginkgo.By("responding with an HSTS header") + f.HTTPTestClientWithTLSConfig(&tls.Config{ + InsecureSkipVerify: true, //nolint:gosec // Ignore the gosec error in testing + ServerName: fromHost, + }). + GET("/"). + WithURL(f.GetURL(framework.HTTPS)). + WithHeader("Host", fromHost). + Expect(). + Headers().ContainsKey("Strict-Transport-Security") }) })