From 0c35799ed1d161d1797b062b0ffb9b697072f5ae Mon Sep 17 00:00:00 2001
From: hylom
Date: Tue, 24 Oct 2017 18:49:37 +0900
Subject: [PATCH] add Hsts Plugin
---
 src/newslash_web/lib/Newslash/Plugin/Hsts.pm | 24 ++++++++++++++++++++++++
 src/newslash_web/lib/Newslash/Web.pm | 3 +++
 2 files changed, 27 insertions(+)
 create mode 100644 src/newslash_web/lib/Newslash/Plugin/Hsts.pm
diff --git a/src/newslash_web/lib/Newslash/Plugin/Hsts.pm b/src/newslash_web/lib/Newslash/Plugin/Hsts.pm
new file mode 100644
index 00000000..b6942fc2
--- /dev/null
+++ b/src/newslash_web/lib/Newslash/Plugin/Hsts.pm
@@ -0,0 +1,24 @@
+package Newslash::Plugin::Hsts;
+use Mojo::Base 'Mojolicious::Plugin';
+use Mojo::URL;
+
+use constant MAX_AGE_DEFAULT => 7776000;
+
+sub register {
+ my ($self, $app, $conf) = @_;
+ $conf ||= {};
+ my $_conf = $app->config('Htst') || {};
+ my $opts = { %$conf, %$_conf };
+ my $max_age = defined $opts->{max_age} ? $opts->{max_age} : MAX_AGE_DEFAULT;
+
+ $app->hook(before_render => sub {
+ my ($c, $args) = @_;
+ return if !$c->req->is_secure;
+ return if $c->tx->is_websocket;
+ $c->res->headers->add('Strict-Transport-Security' => "max-age=$max_age");
+ });
+}
+
+
+
+1;
diff --git a/src/newslash_web/lib/Newslash/Web.pm b/src/newslash_web/lib/Newslash/Web.pm
index e6c3e3b6..71574044 100644
--- a/src/newslash_web/lib/Newslash/Web.pm
+++ b/src/newslash_web/lib/Newslash/Web.pm
@@ -130,6 +130,9 @@ sub startup {
 # set canocal (for test.srad.jp)
 $app->plugin('Newslash::Plugin::Canonical');
+ # use HSTS
+ $app->plugin('Newslash::Plugin::Hsts');
+
 # Event Que
 $app->plugin('Newslash::Plugin::EventQue');
-- 
2.11.0
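Review bot: The config lookup `$app->config('Htst')` in register() looks like a misspelling of `Hsts`, so a `max_age` set under the expected key would be silently ignored and the 90-day default applied; suggest `my $_conf = $app->config('Hsts') || {};`. Separately, `before_render` runs per render call and, as far as I know, is not emitted for responses that bypass the renderer (redirects, static files), so with `headers->add` the policy can end up duplicated on some HTTPS responses and absent on others. A once-per-request hook such as `before_dispatch`, combined with `$c->res->headers->header('Strict-Transport-Security' => "max-age=$max_age")` (which replaces instead of appending), would give one header on every secure response. It would also help to check that `max_age` is a non-negative integer before interpolating it, and to add a comment that `is_secure` depends on reverse-proxy mode being configured when TLS is terminated upstream.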