Author: rfm
Date: Wed Mar 22 13:21:30 2017
New Revision: 40409

URL: http://svn.gna.org/viewcvs/gnustep?rev=40409&view=rev
Log:
Allow setting HSTS age in the 'secure' config dictionary.

Modified:
    libs/webserver/trunk/WebServer.h
    libs/webserver/trunk/WebServer.m

Modified: libs/webserver/trunk/WebServer.h
URL: 
http://svn.gna.org/viewcvs/gnustep/libs/webserver/trunk/WebServer.h?rev=40409&r1=40408&r2=40409&view=diff
==============================================================================
--- libs/webserver/trunk/WebServer.h    (original)
+++ libs/webserver/trunk/WebServer.h    Wed Mar 22 13:21:30 2017
@@ -793,11 +793,16 @@
  * If anAddress is nil or empty, the receiver will listen on
  * all available network interfaces.<br />
  * If secure is nil then the receiver listens on aPort for HTTP requests.<br />
- * If secure is not nil, the receiver listens for HTTPS instead.<br />
- * If secure is a dictionary containing <code>CertificateFile</code>,
- * <code>KeyFile</code> and <code>Password</code> then the server will
- * use the specified certificate and key files (which it will access
- * using the password).<br />
+ * If secure is a dictionary, it must either contain <code>Proxy</code>
+ * with the value set to <code>YES</code> (to configure the receiver to
+ * accept HTTP connections but treat them as coming via a secure proxy),
+ * or it must contain <code>CertificateFile</code>,
+ * <code>KeyFile</code> and <code>Password</code> to configure the server
+ * to use the specified certificate and key files (which it will access
+ * using the password) to support HTTPS rather than HTTP.<br />
+ * If the dictionary also contains <code>HSTS</code> then this must be a
+ * non-negative integer value specifying the number of seconds to set
+ * in the Strict-Transport-Security header (defaults to 7 days).<br />
  * The <em>secure</em> dictionary may also contain other dictionaries
  * keyed on IP addresses, and if the address that an incoming connection
  * arrived on matches the key of a dictionary, that dictionary is used
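Review bot: The new `Proxy` sentence leaves out the trust assumption it depends on. With `Proxy` set to `YES` the receiver accepts plain HTTP yet treats the requests as having arrived securely, which only holds if the port is reachable solely from the TLS-terminating proxy. I would add a line such as ` * Only set <code>Proxy</code> when the listening port is reachable solely from the trusted proxy.<br />`. The `HSTS` sentence could also say what a value of zero means (as a max-age it normally tells browsers to drop the policy) and whether the header is still sent in Proxy mode. The documentation comment begins and ends outside this hunk.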

Modified: libs/webserver/trunk/WebServer.m
URL: 
http://svn.gna.org/viewcvs/gnustep/libs/webserver/trunk/WebServer.m?rev=40409&r1=40408&r2=40409&view=diff
==============================================================================
--- libs/webserver/trunk/WebServer.m    (original)
+++ libs/webserver/trunk/WebServer.m    Wed Mar 22 13:21:30 2017
@@ -1345,6 +1345,7 @@
 {
   CREATE_AUTORELEASE_POOL(pool);
   BOOL ok = YES;
+  BOOL  proxy = NO;
   BOOL update = NO;
 
   if ([anAddress length] == 0)
@@ -1363,6 +1364,22 @@
     {
       update = YES;
     }
+
+  if ([secure objectForKey: @"HSTS"] != nil)
+    {
+      NSUInteger        seconds;
+
+      seconds = (NSUInteger)[[secure objectForKey: @"HSTS"] integerValue];
+      [self setStrictTransportSecurity: seconds];
+    }
+
+  if (YES == [[secure objectForKey: @"Proxy"] boolValue])
+    {
+      proxy = YES;
+      secure = nil;
+    }
+  [self setSecureProxy: proxy];
+
   if ((secure == nil && _sslConfig != nil)
     || (secure != nil && [secure isEqual: _sslConfig] == NO))
     {
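Review bot: The `HSTS` value is cast straight from `integerValue` to `NSUInteger`, so a negative configured value wraps to a very large age instead of being rejected, although the header documentation says it must be non-negative. A non-numeric string likewise becomes 0 without any report. Read it as signed and check it first: `NSInteger age = [[secure objectForKey: @"HSTS"] integerValue];` then `if (age >= 0) [self setStrictTransportSecurity: (NSUInteger)age];`, with the negative case logged or failed in whatever way this method reports bad configuration (that part is outside the hunk). It also looks as if removing `HSTS` from the dictionary on a later call leaves the previously set age in place rather than restoring the default; that is worth confirming. As a style point, `if (YES == [[secure objectForKey: @"Proxy"] boolValue])` reads better as `if ([[secure objectForKey: @"Proxy"] boolValue])`.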

