From c298fba774ce907258434cae245fc2866eb331f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=87=8C=E6=B6=9B?= <lingtao@bilibili.com>
Date: Wed, 29 Sep 2021 16:37:12 +0800
Subject: [PATCH] Support HSTS in Clickhouse HTTP server

---
 src/Server/StaticRequestHandler.cpp | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/Server/StaticRequestHandler.cpp b/src/Server/StaticRequestHandler.cpp
index 19b91ae9c42..dae93744c35 100644
--- a/src/Server/StaticRequestHandler.cpp
+++ b/src/Server/StaticRequestHandler.cpp
@@ -101,7 +101,17 @@ static inline void trySendExceptionToClient(
 
 void StaticRequestHandler::handleRequest(HTTPServerRequest & request, HTTPServerResponse & response)
 {
-    auto keep_alive_timeout = server.config().getUInt("keep_alive_timeout", 10);
+    const auto & config = server.config();
+    auto keep_alive_timeout = config.getUInt("keep_alive_timeout", 10);
+    size_t hsts_max_age = config.getUInt64("hsts_max_age", 0);
+
+    if (hsts_max_age > 0)
+    {
+        std::stringstream ss;
+        ss << "max-age=" << hsts_max_age;
+        response.add("Strict-Transport-Security", ss.str());
+    }
+
     const auto & out = responseWriteBuffer(request, response, keep_alive_timeout);
 
     try