Add a header Strict-Transport-Security to the response

example/admin/middlewares.go

@@ -36,6 +36,16 @@ func withRoles(db *gorm.DB) func(next http.Handler) http.Handler {
 	}
 }
 
+func securityMiddleware() func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+			w.Header().Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
+
+			next.ServeHTTP(w, req)
+		})
+	}
+}
+
 func withNoteContext() func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

example/admin/router.go

@@ -32,10 +32,10 @@ func Router() http.Handler {
 	// :host {
 	//	all: initial;
 	//	display: block;
-	//div {
+	// div {
 	//	background-color:orange;
-	//}
-	//`)))
+	// }
+	// `)))
 
 	mux.Handle("/page_builder/", c.pageBuilder)
 	// example of seo
@@ -72,6 +72,7 @@ func Router() http.Handler {
 		isOAuthInfoCompleted(),
 		withRoles(db),
 		withNoteContext(),
+		securityMiddleware(),
 	)
 	cr.Mount("/", mux)
 	return cr