strict transport policy heaer

config/default.toml

@@ -14,6 +14,10 @@ ip= "0.0.0.0"
 # enter your hostname, eg: example.com
 domain = "localhost"
 allow_registration = true
+# Set true if you have setup TLS with a reverse proxy like Nginx.
+# Does HTTPS redirect and sends additional headers that can only be used if
+# HTTPS available to improve security
+proxy_has_tls = false
 #url_prefix = ""
 
 [pow]

src/settings.rs

@@ -30,6 +30,7 @@ pub struct Server {
     pub cookie_secret: String,
     pub ip: String,
     pub url_prefix: Option<String>,
+    pub proxy_has_tls: bool,
 }
 
 #[derive(Debug, Clone, Deserialize)]

templates/components/headers/csp.html

@@ -1,6 +1,4 @@
-<!--
 <meta
   http-equiv="Content-Security-Policy"
   content="default-src 'self' *.mcaptcha.org mcaptcha.org mcaptcha.io *.mcaptcha.io; img-src 'self'; style-src 'self'; child-src 'none'; script-src 'self';"
 />
--->

templates/components/headers/https.html

@@ -0,0 +1,3 @@
+<meta
+  http-equiv="Strict-Transport-Security" content="max-age=63072000"
+/>

templates/components/headers/index.html

@@ -4,5 +4,8 @@
 	<. include!("./preview-data.html"); .>
 	<. include!("./favicon.html"); .>
     <. include!("./csp.html"); .>
+    <. if crate::SETTINGS.server.proxy_has_tls { .>
+        <. include!("./https.html"); .>
+    <.  } .>
   </head>
 <body class="layout">