v0.5.1

Author: MXWXZ

CHANGELOG.md

@@ -1,3 +1,7 @@
+# 0.5.1
+## Changes
+1. Revert 0.5.0 `set_default_hsts` changes.
+
 # 0.5.0
 ## Breaking changes
 1. `set_default_hsts` is removed, now is default.

actix-cloud/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "actix-cloud"
-version = "0.5.0"
+version = "0.5.1"
 edition = "2021"
 authors = ["MXWXZ <matrixwxz@gmail.com>"]
 description = "Actix Cloud is an all-in-one web framework based on Actix Web."

actix-cloud/src/security.rs

@@ -125,12 +125,19 @@ impl Default for SecurityHeader {
             x_xss_protection: XXSSProtection::EnableBlock,
             cross_origin_opener_policy: CrossOriginOpenerPolicy::SameOrigin,
             content_security_policy: String::from("default-src 'none'; script-src 'none'; object-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'"),
-            strict_transport_security: Some(StrictTransportSecurity::Preload(31536000)),
+            strict_transport_security: None,
         }
     }
 }
 
 impl SecurityHeader {
+    /// Set default HSTS to 1 year, includeSubDomains and preload.
+    ///
+    /// `max-age=31536000; includeSubDomains; preload`
+    pub fn set_default_hsts(&mut self) {
+        self.strict_transport_security = Some(StrictTransportSecurity::Preload(31536000));
+    }
+
     pub fn build(self) -> middleware::DefaultHeaders {
         let mut ret = middleware::DefaultHeaders::new()
             .add(("X-Content-Type-Options", "nosniff"))