metavige/Global.asax.cs

## Global.asax.cs
public class WebApiApplication : System.Web.HttpApplication
{
  protected void Application_BeginRequest(Object sender, EventArgs e)
  {
    if (!Request.IsLocal)
    {
      switch (Request.Url.Scheme)
      {
        case "http":
          if (Uri.UriSchemeHttps != Request.Headers.Get("X-Forwarded-Proto"))
          {
            var path = "https://" + Request.Url.Host + Request.Url.PathAndQuery;
            Response.Status = "301 Moved Permanently";
            Response.AddHeader("Location", path);
            return;
          }
          break;
        default:
          break;
      }
      // 參考 Wiki 定義 https://www.wikiwand.com/zh-tw/HTTP%E4%B8%A5%E6%A0%BC%E4%BC%A0%E8%BE%93%E5%AE%89%E5%85%A8
      // 加入這個 Header，讓瀏覽器可以自行強制用戶端用 HTTPS 與伺服器連接
      // max-age 的設定是一年
      Response.AddHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
    }
  }
}
	public class WebApiApplication : System.Web.HttpApplication
	{
	protected void Application_BeginRequest(Object sender, EventArgs e)
	{
	if (!Request.IsLocal)
	{
	switch (Request.Url.Scheme)
	{
	case "http":
	if (Uri.UriSchemeHttps != Request.Headers.Get("X-Forwarded-Proto"))
	{
	var path = "https://" + Request.Url.Host + Request.Url.PathAndQuery;
	Response.Status = "301 Moved Permanently";
	Response.AddHeader("Location", path);
	return;
	}
	break;
	default:
	break;
	}
	// 參考 Wiki 定義 https://www.wikiwand.com/zh-tw/HTTP%E4%B8%A5%E6%A0%BC%E4%BC%A0%E8%BE%93%E5%AE%89%E5%85%A8
	// 加入這個 Header，讓瀏覽器可以自行強制用戶端用 HTTPS 與伺服器連接
	// max-age 的設定是一年
	Response.AddHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
	}
	}
	}