/hsts

Go HTTP Strict Transport Security library

Primary LanguageGoApache License 2.0Apache-2.0

HTTP Strict Transport Security (HSTS)

Build Status Godoc

http RoundTripper implementing HTTP Strict Transport Security (RFC 6797) with sites preloaded from Chromium using go generate.

Install:

go get github.com/StalkR/hsts

Usage (taken from the example in godoc):

client := http.DefaultClient
// Wrap around the client's transport to add HSTS support.
client.Transport = hsts.New(client.Transport)

// Assuming example.com has set up HSTS, we learn it at the first HTTPS request.
resp, err := client.Get("https://example.com")
if err != nil {
	log.Fatal(err)
}
defer resp.Body.Close()

// So that any following request made in insecure HTTP would go in HTTPS.
resp, err = client.Get("http://example.com") // will become HTTPS
if err != nil {
	log.Fatal(err)
}
defer resp.Body.Close()

Bugs, comments, questions: create a new issue.