Merge pull request #8 from nvie/master

Don't send HSTS headers over non-HTTPS connections
2026-06-05 23:00:19 +00:00 · 2014-01-08 11:09:27 -08:00
parent dcbaccb2e9 0a8a866145
commit 6217898a50
1 changed files with 2 additions and 1 deletions
@@ -54,5 +54,6 @@ class SSLify(object):

    def set_hsts_header(self, response):
        """Adds HSTS header to each response."""
-        response.headers.setdefault('Strict-Transport-Security', self.hsts_header)
+        if request.is_secure:
+            response.headers.setdefault('Strict-Transport-Security', self.hsts_header)
        return response