
@metavige
Last active December 8, 2017 06:12
force https using X-Forwarded-Proto
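/// <summary>
/// Global application class that redirects non-local plain-HTTP requests to HTTPS,
/// using the X-Forwarded-Proto request header to recognise requests that already
/// arrived over HTTPS, and adds an HSTS header to the remaining responses.
/// </summary>
public class WebApiApplication : System.Web.HttpApplication
{
    /// <summary>
    /// Runs at the start of every request. Local requests are left untouched.
    /// A request whose URL scheme is "http" and whose X-Forwarded-Proto header is not
    /// "https" is answered with a 301 to the same host, path and query over https;
    /// every other non-local request gets a Strict-Transport-Security header.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event arguments (unused).</param>
    protected void Application_BeginRequest(Object sender, EventArgs e)
    {
        if (Request.IsLocal)
        {
            return;
        }

        if (Request.Url.Scheme == Uri.UriSchemeHttp)
        {
            // NOTE(review): X-Forwarded-Proto is an ordinary request header. It is only
            // trustworthy when the application is reachable exclusively through a proxy
            // that sets or overwrites it; otherwise a client can send "https" itself and
            // skip the redirect. Confirm against the deployment.
            var forwardedProto = Request.Headers.Get("X-Forwarded-Proto");

            // Scheme names are case-insensitive; an exact comparison would treat a proxy
            // that sends "HTTPS" as plain HTTP and redirect forever.
            var arrivedOverHttps = string.Equals(
                forwardedProto == null ? null : forwardedProto.Trim(),
                Uri.UriSchemeHttps,
                StringComparison.OrdinalIgnoreCase);

            if (!arrivedOverHttps)
            {
                // NOTE(review): Request.Url.Host presumably reflects the client-supplied
                // Host header; if the site is not bound to specific host names, build the
                // redirect from a configured canonical host instead. Confirm.
                var path = "https://" + Request.Url.Host + Request.Url.PathAndQuery;
                Response.Status = "301 Moved Permanently";
                Response.AddHeader("Location", path);

                // Returning from this handler alone does not stop the pipeline: the
                // requested handler would still run and its output would be sent over
                // plain HTTP with the 301 status. Skip straight to EndRequest.
                CompleteRequest();
                return;
            }
        }

        // See the definition of HTTP Strict Transport Security:
        // https://www.wikiwand.com/zh-tw/HTTP%E4%B8%A5%E6%A0%BC%E4%BC%A0%E8%BE%93%E5%AE%89%E5%85%A8
        // This header makes the browser itself force HTTPS for connections to the server.
        // max-age is one year (31536000 seconds). includeSubDomains extends the policy to
        // every subdomain, so all of them must be able to serve HTTPS.
        Response.AddHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
    }
}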