From 37b0617e78fa4277f39b62f749315639ab7b5982 Mon Sep 17 00:00:00 2001
From: MrMelon54
Date: Fri, 3 Nov 2023 08:09:29 +0000
Subject: [PATCH] Add HSTS header
---
 servers/https.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/servers/https.go b/servers/https.go
index 7a9af86..2f90c6b 100644
--- a/servers/https.go
+++ b/servers/https.go
@@ -26,8 +26,11 @@ func NewHttpsServer(conf *conf.Conf) *http.Server {
 rateLimiter := setupRateLimiter(conf.RateLimit, favMiddleware)
 return &http.Server{
- Addr: conf.HttpsListen,
- Handler: rateLimiter,
+ Addr: conf.HttpsListen,
+ Handler: http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+ rw.Header().Set("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
+ rateLimiter.ServeHTTP(rw, req)
+ }),
 TLSConfig: &tls.Config{GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
 // error out on invalid domains
 if !conf.Domains.IsValid(info.ServerName) {
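Review bot: The new `Handler` wrapper sends `max-age=63072000; includeSubDomains` on every response regardless of which host was requested, and the `conf.Domains.IsValid(info.ServerName)` check below suggests this server fronts several domains. Browsers cache that policy for two years for the host and all of its subdomains, so any subdomain that is still HTTP-only, or is served elsewhere without a valid certificate, becomes unreachable for returning visitors and the setting cannot be recalled quickly. I would document that commitment at the call site, e.g. `// HSTS: cached by browsers for 2 years and applies to all subdomains; every subdomain must serve valid HTTPS`, and consider starting with a short max-age or making the value configurable per deployment. Because the header is set before `rateLimiter.ServeHTTP(rw, req)`, an inner handler can still overwrite it; whether that happens is not visible here, as the body of NewHttpsServer continues outside the hunk.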