From 331cf6ada1e4df51b366c79126e094ee335dd684 Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Sun, 11 Nov 2018 06:50:28 +0000
Subject: [PATCH] csp plug: add sts support
---
 lib/pleroma/plugs/csp_plug.ex | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/lib/pleroma/plugs/csp_plug.ex b/lib/pleroma/plugs/csp_plug.ex
index 15d466c36..56f2376ee 100644
--- a/lib/pleroma/plugs/csp_plug.ex
+++ b/lib/pleroma/plugs/csp_plug.ex
@@ -1,10 +1,17 @@
 defmodule Pleroma.Plugs.CSPPlug do
+ alias Pleroma.Config
 import Plug.Conn

 def init(opts), do: opts

 def call(conn, options) do
- conn = merge_resp_headers(conn, headers())
+ if Config.get([:csp, :enabled]) do
+ conn =
+ merge_resp_headers(conn, headers())
+ |> maybe_send_sts_header(Config.get([:csp, :sts]))
+ else
+ conn
+ end
 end

 defp headers do
@@ -35,4 +42,14 @@ defp csp_string do
 ]
 |> Enum.join("; ")
 end
+
+ defp maybe_send_sts_header(conn, true) do
+ max_age = Config.get([:csp, :sts_max_age])
+
+ merge_resp_headers(conn, [
+ {"strict-transport-security", "max-age=#{max_age}; includeSubDomains"}
+ ])
+ end
+
+ defp maybe_send_sts_header(conn, _), do: conn
 end
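Review bot: The new `if Config.get([:csp, :enabled])` in `call/2` fails open: when the key is missing or nil, the else branch returns the conn with nothing from `headers()` merged, so an instance upgraded without the new config would silently stop sending every header this plug sets. Consider treating an unset value as enabled, for example `if Config.get([:csp, :enabled], true) do` if `Pleroma.Config.get` accepts a default (its definition is not shown here), or make sure the shipped default config sets `enabled: true`. The `conn =` binding inside the branch is never read and will likely produce an unused-variable warning; the pipeline can be the branch's value directly. The body of `headers/0` lies outside this hunk, so which headers are lost when the toggle is off is inferred from its name.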
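Review bot: `max_age` in `maybe_send_sts_header/2` is interpolated without validation, so an unset `:sts_max_age` (nil interpolates as an empty string) yields `max-age=; includeSubDomains`, which browsers are expected to discard as malformed, leaving the instance without HSTS while the operator believes it is on. Checking the value before building the header, for example `max_age = Config.get([:csp, :sts_max_age])` followed by a clause that only sends the header `when is_integer(max_age) and max_age > 0`, would make a misconfiguration visible instead of silent. `includeSubDomains` is hard-coded, which pins every subdomain of the instance host to HTTPS for the whole max-age; a config switch, or at least a comment such as `# includeSubDomains covers all subdomains of this host; they must all serve HTTPS`, would help operators who share the domain with other services.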