feat: better helmet implementation of hsts.

amlel-el-mahrouss · amlel-el-mahrouss · commit 10c0cb534bcc · 2025-12-25T15:39:54.000+01:00
Signed-off-by: Amlal El Mahrouss &lt;amlal@nekernel.org&gt;
diff --git a/include/boost/http_proto/server/helmet.hpp b/include/boost/http_proto/server/helmet.hpp
@@ -207,6 +207,8 @@ enum class cross_domain_policy_type
 /** Groups the hsts constants here. */
 namespace hsts {
     inline static constexpr bool preload = true;
+    inline static constexpr bool no_preload = false;
+    inline static constexpr bool no_subdomains = false;
     inline static constexpr bool include_subdomains = true;
     inline static constexpr size_t default_age = 31536000;
 }
@@ -329,7 +331,15 @@ option_pair x_content_type_options();
 
 option_pair content_security_policy(const helmet::csp_policy& sp);
 
-option_pair strict_transport_security(const std::size_t age, const bool include_domains = true, const bool preload = false);
+/** Return HSTS configuration for the host.
+    @param include_subdomains either include_domains or no_subdomains
+    @param preload either preload or no_preload
+    @note use the hsts namespace to set those function values.
+    @return the option_pair to pass to the helmet.
+*/
+option_pair strict_transport_security(std::size_t age, 
+        bool include_subdomains = hsts::include_subdomains, 
+        bool preload = hsts::no_preload);
 
 option_pair cross_origin_opener_policy(const coop_policy_type& policy = coop_policy_type::same_origin);
 
diff --git a/src/server/helmet.cpp b/src/server/helmet.cpp
@@ -373,7 +373,7 @@ option_pair cross_origin_embedder_policy(const coep_policy_type& policy)
     return {"Cross-Origin-Embedder-Policy", {value}};
 }
 
-option_pair strict_transport_security(const std::size_t age, const bool include_domains, const bool preload)
+option_pair strict_transport_security(std::size_t age, bool include_domains, bool preload)
 {
     std::string value = "max-age=" + std::to_string(age);
 
diff --git a/test/unit/server/helmet.cpp b/test/unit/server/helmet.cpp
@@ -252,9 +252,9 @@ struct helmet_test
             helmet_options opt;
             helmet::csp_policy csp;
 
-            csp.append("default-src", csp_type::self);
-            csp.append("script-src", csp_type::self);
-            csp.append("style-src", csp_type::self);
+            csp.allow("default-src", csp_type::self)
+                .allow("script-src", csp_type::self)
+                .allow("style-src", csp_type::self);
 
             opt.set(content_security_policy(csp));
 

Original file line number	Diff line number	Diff line change
`@@ -373,7 +373,7 @@ option_pair cross_origin_embedder_policy(const coep_policy_type& policy)`
`373`	`373`	`return {"Cross-Origin-Embedder-Policy", {value}};`
`374`	`374`	`}`
`375`	`375`
`376`		`-option_pair strict_transport_security(const std::size_t age, const bool include_domains, const bool preload)`
	`376`	`+option_pair strict_transport_security(std::size_t age, bool include_domains, bool preload)`
`377`	`377`	`{`
`378`	`378`	`std::string value = "max-age=" + std::to_string(age);`
`379`	`379`