From 976c745b28d8878444cd1d2fdbc802d3110ddbd0 Mon Sep 17 00:00:00 2001
From: Aidan Feldman
Date: Tue, 15 Nov 2022 18:19:37 +0000
Subject: [PATCH] fix: enable strict transport security

---
 eligibility_server/app.py | 6 ++++++
 tests/test_app.py | 1 +
 2 files changed, 7 insertions(+)

diff --git a/eligibility_server/app.py b/eligibility_server/app.py
index 54028a5c..d5865ccb 100644
--- a/eligibility_server/app.py
+++ b/eligibility_server/app.py
@@ -75,6 +75,12 @@ def internal_server_error(error):
     return jsonify(error=f"{error.code} {error.name}: Internal server error"), 500
 
 
+@app.after_request
+def enforce_strict_transport_security(response):
+    response.headers["Strict-Transport-Security"] = "max-age=31536000"
+    return response
+
+
 api = Api(app)
 api.add_resource(Verify, "/verify")
 
diff --git a/tests/test_app.py b/tests/test_app.py
index 43952698..3a81b874 100644
--- a/tests/test_app.py
+++ b/tests/test_app.py
@@ -15,6 +15,7 @@ def test_healthcheck(client):
     assert response.status_code == 200
     assert response.mimetype == "text/plain"
     assert response.text == "Healthy"
+    assert "Strict-Transport-Security" in response.headers
 
 
 def test_404(client):
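Review bot: The new `enforce_strict_transport_security` hook sends `max-age=31536000` with no `includeSubDomains` directive, so a browser that has cached the policy still permits plain-HTTP connections to subdomains of this host; if every subdomain is served over TLS, `response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains"` is the usual value (add `preload` only once the domain is actually submitted to the preload list). Unconditional assignment also overwrites any header a TLS-terminating proxy or another extension may already have set; `response.headers.setdefault("Strict-Transport-Security", "max-age=31536000")` would keep the first value if that matters in this deployment. The function has no docstring and the literal reads as a magic number; a docstring such as `"""Add an HSTS header to every response; 31536000 seconds is one year."""` would make the intent clear. The matching test in tests/test_app.py is discussed at that hunk.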
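Review bot: The added assertion only checks that the header is present, so a regression to an empty or weakened value (for example `max-age=0`, which tells browsers to discard the policy) would still pass; asserting the value, `assert response.headers["Strict-Transport-Security"] == "max-age=31536000"`, pins what the hook actually sends. Because the hook is registered with `after_request`, it presumably applies to error responses as well, so the same assertion inside `test_404` below would cover that path too. `test_healthcheck` starts outside the hunk.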