From 6933e3b5e6fbad6e5165b9f65ce6af2f2eccc1ff Mon Sep 17 00:00:00 2001
From: Eduard Urbach <admin@akyoto.dev>
Date: Thu, 20 Feb 2025 20:08:38 +0100
Subject: [PATCH] Added HSTS header

---
 main.go                   |  1 +
 server/middleware/HSTS.go | 10 ++++++++++
 2 files changed, 11 insertions(+)
 create mode 100644 server/middleware/HSTS.go

diff --git a/main.go b/main.go
index f1f0b29..dcd1f66 100644
--- a/main.go
+++ b/main.go
@@ -18,6 +18,7 @@ func main() {
 	server := web.NewServer()
 	server.Use(middleware.Recover)
 	server.Use(middleware.RedirectTrailingSlashes)
+	server.Use(middleware.HSTS)
 	server.Get("/", pages.Frontpage)
 	server.Get("/blog", pages.Blog)
 	server.Get("/:post", pages.Post)
diff --git a/server/middleware/HSTS.go b/server/middleware/HSTS.go
new file mode 100644
index 0000000..6b6dfcc
--- /dev/null
+++ b/server/middleware/HSTS.go
@@ -0,0 +1,10 @@
+package middleware
+
+import (
+	"git.akyoto.dev/go/web"
+)
+
+func HSTS(ctx web.Context) error {
+	ctx.Response().SetHeader("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload")
+	return ctx.Next()
+}