From bd5407d679650370c39bd5e672118124edb5e76c Mon Sep 17 00:00:00 2001
From: Till Maas <opensource@till.name>
Date: Wed, 4 Feb 2015 12:10:33 +0100
Subject: [PATCH] Add HSTS header to bodhi, elections, fas, pkgdb

Seems like this needs to be configured in the reverse proxy config as it
is done for id.
---
 roles/httpd/reverseproxy/templates/reversepassproxy.bodhi.conf  | 2 ++
 .../reverseproxy/templates/reversepassproxy.elections.conf      | 2 ++
 roles/httpd/reverseproxy/templates/reversepassproxy.fas.conf    | 2 ++
 roles/httpd/reverseproxy/templates/reversepassproxy.pkgdb.conf  | 2 ++
 4 files changed, 8 insertions(+)

diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.bodhi.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.bodhi.conf
index bbb254330d..4cfa0a35d5 100644
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.bodhi.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.bodhi.conf
@@ -4,3 +4,5 @@ Header unset Set-Cookie
 
 ProxyPass {{localpath}} {{proxyurl}}{{remotepath}}
 ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}}
+
+Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.elections.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.elections.conf
index b1c1a3a2d5..d9c3efc5e7 100644
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.elections.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.elections.conf
@@ -8,3 +8,5 @@ Header unset Set-Cookie
 
 ProxyPass {{localpath}} {{proxyurl}}{{remotepath}}
 ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}}
+
+Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.fas.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.fas.conf
index beb69201b5..7048e74879 100644
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.fas.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.fas.conf
@@ -10,3 +10,5 @@ ProxyPassReverse /accounts/user/dogencert http://fas1/
 
 ProxyPass {{localpath}} {{proxyurl}}{{remotepath}}
 ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}}
+
+Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.pkgdb.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.pkgdb.conf
index c1cf163030..b89e28384d 100644
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.pkgdb.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.pkgdb.conf
@@ -37,3 +37,5 @@ Header unset Set-Cookie
 
 ProxyPass {{localpath}} {{proxyurl}}{{remotepath}}
 ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}}
+
+Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"