Author: rfm
Date: Wed Mar 22 12:56:58 2017
New Revision: 40408

URL: http://svn.gna.org/viewcvs/gnustep?rev=40408&view=rev
Log:
Enable HSTS for 7 days by default.  Add methods to get/set HSTS max-age value.

Modified:
    libs/webserver/trunk/WebServer.h
    libs/webserver/trunk/WebServer.m
    libs/webserver/trunk/WebServerConnection.m

Modified: libs/webserver/trunk/WebServer.h
URL: 
http://svn.gna.org/viewcvs/gnustep/libs/webserver/trunk/WebServer.h?rev=40408&r1=40407&r2=40408&view=diff
==============================================================================
--- libs/webserver/trunk/WebServer.h    (original)
+++ libs/webserver/trunk/WebServer.h    Wed Mar 22 12:56:58 2017
@@ -440,6 +440,7 @@
   NSMutableDictionary   *_userInfoMap;
   NSLock                *_incrementalDataLock;
   NSMutableDictionary   *_incrementalDataMap;
+  NSUInteger            _strictTransportSecurity;
   void                 *_reserved;
 }
 
@@ -974,6 +975,16 @@
 - (void) setSecureProxy: (BOOL)aFlag;
 
 /**
+ * Specifies the number of seconds HSTS is to be turned on for when responding
+ * to a request on a secure connection (including via a secure proxy).<br />
+ * The Strict-Transport-Security header is automatically set in the response
+ * to any incoming request (but code handling the request may alter that).<br 
/>
+ * The default setting is 7 days (604800 seconds), while a setting of zero
+ * turns off HSTS.
+ */
+- (void) setStrictTransportSecurity: (NSUInteger)seconds;
+
+/**
  * Sets the maximum recursion depth allowed for substitutions into
  * templates.  This defaults to 4.
  */
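Review bot: The comment on `-setStrictTransportSecurity:` would be more useful if it said what is actually emitted and what the value commits clients to, since both matter to whoever tunes it. The connection code sends only `max-age=N`, with no includeSubDomains or preload directive, and a browser that has seen the header will refuse plain-HTTP access to the host for that long. Suggested sentence after the default-setting sentence: ` * The header sent is "Strict-Transport-Security: max-age=N" (RFC 6797) with no further directives; only raise the value once TLS for this host is known to be stable, since clients will refuse plain HTTP for that period.`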
@@ -1037,6 +1048,13 @@
  * </p>
  */
 - (BOOL) streamData: (NSData*)data withResponse: (WebServerResponse*)response;
+
+/**
+ * Returns the number of seconds set for HSTS for this server.<br />
+ * This will be zero if the server is not using a secure connection or
+ * if HSTS has been disabled by the -setStrictTransportSecurity: method.
+ */
+- (NSUInteger) strictTransportSecurity;
 
 /**
  * Perform substitutions replacing the markup in aTemplate with the

Modified: libs/webserver/trunk/WebServer.m
URL: 
http://svn.gna.org/viewcvs/gnustep/libs/webserver/trunk/WebServer.m?rev=40408&r1=40407&r2=40408&view=diff
==============================================================================
--- libs/webserver/trunk/WebServer.m    (original)
+++ libs/webserver/trunk/WebServer.m    Wed Mar 22 12:56:58 2017
@@ -1649,6 +1649,11 @@
     }
 }
 
+- (void) setStrictTransportSecurity: (NSUInteger)seconds
+{
+  _strictTransportSecurity = seconds;
+}
+
 - (void) setConnectionTimeout: (NSTimeInterval)aDelay
 {
   if (aDelay != _connectionTimeout)
@@ -1837,6 +1842,11 @@
       [connection release];
       return YES;
     }
+}
+
+- (NSUInteger) strictTransportSecurity
+{
+  return _strictTransportSecurity;
 }
 
 - (BOOL) substituteFrom: (NSString*)aTemplate
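Review bot: `-strictTransportSecurity` returns the raw ivar, but the header documents it as returning zero when the server is not using a secure connection, and neither this hunk nor the WebServerConnection.m hunk checks the secure or secure-proxy state (the setting `-setSecureProxy:` controls, plus whatever TLS flag the server already keeps) before the header is emitted, so `Strict-Transport-Security: max-age=604800` goes out on plain-HTTP responses as well, by default from the moment the server is created. Conforming user agents ignore the header on a non-TLS connection (RFC 6797), so this is a documentation/correctness mismatch rather than a direct exposure, but a plain-HTTP deployment should not advertise HSTS at all. Either apply the documented rule here — return 0 unless the server is in secure or secure-proxy mode, e.g. `return (secure-mode check) ? _strictTransportSecurity : 0;` with the project's actual accessor — or move that check to the connection before `setHeader:` and reword the header comment to match. The `}` at the top of this hunk closes a method that starts outside it.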
@@ -2617,6 +2627,7 @@
   _userInfoMap = [NSMutableDictionary new];
   _incrementalDataLock = [NSLock new];
   _userInfoLock = [NSLock new];
+  _strictTransportSecurity = 604800;    // Default is 7 days
 
   /* We need a timer so that the main thread can handle connection
    * timeouts.

Modified: libs/webserver/trunk/WebServerConnection.m
URL: 
http://svn.gna.org/viewcvs/gnustep/libs/webserver/trunk/WebServerConnection.m?rev=40408&r1=40407&r2=40408&view=diff
==============================================================================
--- libs/webserver/trunk/WebServerConnection.m  (original)
+++ libs/webserver/trunk/WebServerConnection.m  Wed Mar 22 12:56:58 2017
@@ -1084,8 +1084,20 @@
 {
   if (nil == response)
     {
+      NSUInteger        seconds = [server strictTransportSecurity];
+
       response = [WebServerResponse allocWithZone: NSDefaultMallocZone()];
       response = [response initWithConnection: self];
+      if (seconds > 0)
+        {
+          NSString      *value;
+
+          value = [NSString stringWithFormat: @"max-age=%lu",
+            (unsigned long)seconds];
+         [response setHeader: @"Strict-Transport-Security"
+                        value: value
+                   parameters: nil];
+        }
     }
   return response;
 }
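Review bot: The `[response setHeader:` message send is indented one column shallower than the surrounding statements in the same braces (nine spaces where `value =` uses ten) and its two continuation lines are aligned to that, so the block reads as if the send belonged to an outer level; re-indent the three lines to match `value = [NSString stringWithFormat:`. The `(unsigned long)` cast paired with `%lu` is the right portable spelling for NSUInteger. Because the header is attached only when the response object is first created, a handler that wants to suppress HSTS for a particular response has to overwrite or remove the header itself, which is consistent with the header comment's "code handling the request may alter that". The method containing this code starts outside the hunk.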

