From 65ffc37549bda8a96e24ee0d9d2305d1f2bd452b Mon Sep 17 00:00:00 2001
From: realaravinth <realaravinth@batsense.net>
Date: Thu, 5 Aug 2021 21:05:27 +0530
Subject: [PATCH] strict transport policy heaer

---
 config/default.toml                     | 4 ++++
 src/settings.rs                         | 1 +
 templates/components/headers/csp.html   | 2 --
 templates/components/headers/https.html | 3 +++
 templates/components/headers/index.html | 3 +++
 5 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 templates/components/headers/https.html

diff --git a/config/default.toml b/config/default.toml
index f1d95305..843f02b0 100644
--- a/config/default.toml
+++ b/config/default.toml
@@ -14,6 +14,10 @@ ip= "0.0.0.0"
 # enter your hostname, eg: example.com
 domain = "localhost"
 allow_registration = true
+# Set true if you have setup TLS with a reverse proxy like Nginx.
+# Does HTTPS redirect and sends additional headers that can only be used if
+# HTTPS available to improve security
+proxy_has_tls = false
 #url_prefix = ""
 
 [pow]
diff --git a/src/settings.rs b/src/settings.rs
index dd804713..80757ad5 100644
--- a/src/settings.rs
+++ b/src/settings.rs
@@ -30,6 +30,7 @@ pub struct Server {
     pub cookie_secret: String,
     pub ip: String,
     pub url_prefix: Option<String>,
+    pub proxy_has_tls: bool,
 }
 
 #[derive(Debug, Clone, Deserialize)]
diff --git a/templates/components/headers/csp.html b/templates/components/headers/csp.html
index 8e1e2de9..b53d1641 100644
--- a/templates/components/headers/csp.html
+++ b/templates/components/headers/csp.html
@@ -1,6 +1,4 @@
-<!--
 <meta
   http-equiv="Content-Security-Policy"
   content="default-src 'self' *.mcaptcha.org mcaptcha.org mcaptcha.io *.mcaptcha.io; img-src 'self'; style-src 'self'; child-src 'none'; script-src 'self';"
 />
--->
diff --git a/templates/components/headers/https.html b/templates/components/headers/https.html
new file mode 100644
index 00000000..4372aef1
--- /dev/null
+++ b/templates/components/headers/https.html
@@ -0,0 +1,3 @@
+<meta
+  http-equiv="Strict-Transport-Security" content="max-age=63072000"
+/>
diff --git a/templates/components/headers/index.html b/templates/components/headers/index.html
index b3b4824a..0e4b6a84 100644
--- a/templates/components/headers/index.html
+++ b/templates/components/headers/index.html
@@ -4,5 +4,8 @@
 	<. include!("./preview-data.html"); .>
 	<. include!("./favicon.html"); .>
     <. include!("./csp.html"); .>
+    <. if crate::SETTINGS.server.proxy_has_tls { .>
+        <. include!("./https.html"); .>
+    <.  } .>
   </head>
 <body class="layout">