From 8476c90bbf84496f1d05c1bfbf875d2b77cf01b1 Mon Sep 17 00:00:00 2001
From: Mark Spicer <mspicer@squarespace.com>
Date: Wed, 15 Nov 2017 23:27:57 -0500
Subject: [PATCH] Set the redirect handler for lets encrypt.

This commit sets the http handler to the redirect function for let's encrypt
enabled drone instances. In addition, the `Strict-Transport-Security` header is
added to the redirect given `header.Secure` will only be added for gin routes.

This commit resolves #2261.
---
 cmd/drone-server/server.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/cmd/drone-server/server.go b/cmd/drone-server/server.go
index c53488b8e..d9c081ff8 100644
--- a/cmd/drone-server/server.go
+++ b/cmd/drone-server/server.go
@@ -565,7 +565,7 @@ func server(c *cli.Context) error {
 	// start the server with lets encrypt enabled
 	// listen on ports 443 and 80
 	g.Go(func() error {
-		return http.ListenAndServe(":http", handler)
+		return http.ListenAndServe(":http", http.HandlerFunc(redirect))
 	})
 
 	g.Go(func() error {
@@ -681,6 +681,9 @@ func redirect(w http.ResponseWriter, req *http.Request) {
 	serverHost = strings.TrimPrefix(serverHost, "https://")
 	req.URL.Scheme = "https"
 	req.URL.Host = serverHost
+
+	w.Header().Set("Strict-Transport-Security", "max-age=31536000")
+
 	http.Redirect(w, req, req.URL.String(), http.StatusMovedPermanently)
 }