From 0a8a86614590c883935262173db215bec0c2998f Mon Sep 17 00:00:00 2001
From: Vincent Driessen
Date: Fri, 26 Oct 2012 22:41:22 +0200
Subject: [PATCH] Don't send HSTS headers over non-HTTPS connections. This fixes #6.
---
 flask_sslify.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/flask_sslify.py b/flask_sslify.py
index 0e30f5b..d1e2cb2 100644
--- a/flask_sslify.py
+++ b/flask_sslify.py
@@ -51,7 +51,8 @@ class SSLify(object):
 def set_hsts_header(self, response):
 """Adds HSTS header to each response."""
- response.headers.setdefault('Strict-Transport-Security', self.hsts_header)
+ if request.is_secure:
+ response.headers.setdefault('Strict-Transport-Security', self.hsts_header)
 return response
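Review bot: The new `if request.is_secure:` guard in `set_hsts_header` depends on the scheme the WSGI server reports, so behind a TLS-terminating proxy or load balancer that forwards plain HTTP to the app the header would never be emitted and the site would silently lose HSTS. If the redirect logic elsewhere in this file also honours a forwarded-scheme header (not visible in this hunk), the two checks should agree; otherwise the deployment requirement should be documented, for example that the app must sit behind a trusted proxy-fix middleware such as Werkzeug's `ProxyFix` for `is_secure` to be accurate. The docstring is now stale as well; I would change it to `"""Adds the HSTS header to responses for requests served over HTTPS."""`. The hunk does not show the module imports, so confirm that `request` is imported from `flask`, since a missing import would raise `NameError` on every response.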