Add HSTS command line flag

This commit is contained in:
spikecodes 2021-03-20 22:10:31 -07:00
parent 966e0ce921
commit 4c66e75f6b
No known key found for this signature in database
GPG key ID: 004CECFF9B463BCB
3 changed files with 25 additions and 20 deletions

View file

@ -3,7 +3,7 @@ name = "libreddit"
description = " Alternative private front-end to Reddit"
license = "AGPL-3.0"
repository = "https://github.com/spikecodes/libreddit"
version = "0.5.5"
version = "0.6.0"
authors = ["spikecodes <19519553+spikecodes@users.noreply.github.com>"]
edition = "2018"

View file

@ -73,11 +73,8 @@ async fn resource(body: &str, content_type: &str, cache: bool) -> Result<Respons
.unwrap_or_default();
if cache {
match HeaderValue::from_str("public, max-age=1209600, s-maxage=86400") {
Ok(val) => {
res.headers_mut().insert("Cache-Control", val);
}
Err(_) => (),
if let Ok(val) = HeaderValue::from_str("public, max-age=1209600, s-maxage=86400") {
res.headers_mut().insert("Cache-Control", val);
}
}
@ -114,11 +111,20 @@ async fn main() {
.help("Redirect all HTTP requests to HTTPS (no longer functional)")
.takes_value(false),
)
.arg(
Arg::with_name("hsts")
.short("H")
.long("hsts")
.value_name("EXPIRE_TIME")
.help("HSTS header to tell browsers that this site should only be accessed over HTTPS")
.default_value("604800")
.takes_value(true),
)
.get_matches();
let address = matches.value_of("address").unwrap_or("0.0.0.0");
let port = matches.value_of("port").unwrap_or("8080");
let _force_https = matches.is_present("redirect-https");
let hsts = matches.value_of("hsts");
let listener = format!("{}:{}", address, port);
@ -135,6 +141,12 @@ async fn main() {
"Content-Security-Policy" => "default-src 'none'; manifest-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'none'; img-src 'self' data:; form-action 'self'; frame-ancestors 'none';"
};
if let Some(expire_time) = hsts {
if let Ok(val) = HeaderValue::from_str(&format!("max-age={}", expire_time)) {
app.default_headers.insert("Strict-Transport-Security", val);
}
}
// Read static files
app.at("/style.css").get(|_| resource(include_str!("../static/style.css"), "text/css", false).boxed());
app

View file

@ -28,9 +28,8 @@ macro_rules! headers(
{
let mut m = hyper::HeaderMap::new();
$(
match hyper::header::HeaderValue::from_str($value) {
Ok(val) => { m.insert($key, val); }
Err(_) => ()
if let Ok(val) = hyper::header::HeaderValue::from_str($value) {
m.insert($key, val);
}
)+
m
@ -96,11 +95,8 @@ impl ResponseExt for Response<Body> {
}
fn insert_cookie(&mut self, cookie: Cookie) {
match HeaderValue::from_str(&cookie.to_string()) {
Ok(val) => {
self.headers_mut().append("Set-Cookie", val);
}
Err(_) => (),
if let Ok(val) = HeaderValue::from_str(&cookie.to_string()) {
self.headers_mut().append("Set-Cookie", val);
}
}
@ -108,11 +104,8 @@ impl ResponseExt for Response<Body> {
let mut cookie = Cookie::named(name);
cookie.set_path("/");
cookie.set_max_age(Duration::second());
match HeaderValue::from_str(&cookie.to_string()) {
Ok(val) => {
self.headers_mut().append("Set-Cookie", val);
}
Err(_) => (),
if let Ok(val) = HeaderValue::from_str(&cookie.to_string()) {
self.headers_mut().append("Set-Cookie", val);
}
}
}