Do not send the HSTS header if tls is not enabled in the server context.

2021-04-07 11:57:45 +02:00 · 2021-04-07 11:57:45 +02:00 · b6570e10a9
parent cc276e2471
commit b6570e10a9
1 changed files with 1 additions and 1 deletions
--- a/src/http.c
+++ b/src/http.c
@ -2138,7 +2138,7 @@ http_response_normal(struct http_request *req, struct connection *c,
 		}
 	}

-	if (http_hsts_enable) {
+	if (c->ssl && http_hsts_enable) {
 		kore_buf_appendf(header_buf, "strict-transport-security: ");
 		kore_buf_appendf(header_buf,
 		    "max-age=%" PRIu64 "; includeSubDomains\r\n",