DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add HSTS headers to www redirects

Browse source 
Signed-off-by: Leonhard Mayr <leonhard.mayr@manz.at>
This commit is contained in:
Leonhard Mayr 2023-10-19 16:12:11 +02:00
parent 83b5ffb77f
commit dd949d5f52
2 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -629,6 +629,11 @@ http {
{{ end }} {{ end }}
} }
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
return {{ $all.Cfg.HTTPRedirectCode }} $redirect_to; return {{ $all.Cfg.HTTPRedirectCode }} $redirect_to;
} }
## end server {{ $redirect.From }} ## end server {{ $redirect.From }}

11
test/e2e/annotations/fromtowwwredirect.go
View file

@ -120,5 +120,16 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() {
Expect(). Expect().
Status(http.StatusOK). Status(http.StatusOK).
Header("ExpectedHost").Equal(fromHost) Header("ExpectedHost").Equal(fromHost)
ginkgo.By("responding with an HSTS header")
f.HTTPTestClientWithTLSConfig(&tls.Config{
InsecureSkipVerify: true, //nolint:gosec // Ignore the gosec error in testing
ServerName: fromHost,
}).
GET("/").
WithURL(f.GetURL(framework.HTTPS)).
WithHeader("Host", fromHost).
Expect().
Headers().ContainsKey("Strict-Transport-Security")
}) })
}) })