HTTP Strict Transport Security (HSTS)

August 9, 2022 ยท View on GitHub

Build Status Godoc

http RoundTripper implementing HTTP Strict Transport Security (RFC 6797) with sites preloaded from Chromium using go generate.

Install:

go get github.com/StalkR/hsts

Usage (taken from the example in godoc):

client := http.DefaultClient
// Wrap around the client's transport to add HSTS support.
client.Transport = hsts.New(client.Transport)

// Assuming example.com has set up HSTS, we learn it at the first HTTPS request.
resp, err := client.Get("https://example.com")
if err != nil {
	log.Fatal(err)
}
defer resp.Body.Close()

// So that any following request made in insecure HTTP would go in HTTPS.
resp, err = client.Get("http://example.com") // will become HTTPS
if err != nil {
	log.Fatal(err)
}
defer resp.Body.Close()

Bugs, comments, questions: create a new issue.