Add HSTS headers to www redirects

Signed-off-by: Leonhard Mayr <leonhard.mayr@manz.at>
This commit is contained in:
Leonhard Mayr 2023-10-19 16:12:11 +02:00
parent 83b5ffb77f
commit dd949d5f52
2 changed files with 16 additions and 0 deletions

View file

@ -629,6 +629,11 @@ http {
{{ end }}
}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
return {{ $all.Cfg.HTTPRedirectCode }} $redirect_to;
}
## end server {{ $redirect.From }}

View file

@ -120,5 +120,16 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() {
Expect().
Status(http.StatusOK).
Header("ExpectedHost").Equal(fromHost)
ginkgo.By("responding with an HSTS header")
f.HTTPTestClientWithTLSConfig(&tls.Config{
InsecureSkipVerify: true, //nolint:gosec // Ignore the gosec error in testing
ServerName: fromHost,
}).
GET("/").
WithURL(f.GetURL(framework.HTTPS)).
WithHeader("Host", fromHost).
Expect().
Headers().ContainsKey("Strict-Transport-Security")
})
})