From 435878328fa3e083e1ba27bd45ff348d808ae1c1 Mon Sep 17 00:00:00 2001
From: Agniva De Sarker
Date: Wed, 4 Jul 2018 09:14:33 +0530
Subject: [PATCH] cmd/godoc,cmd/tip: enable HSTS preload

Add the includeSubDomains directive to meet the requirements for being added to the preload list described at https://hstspreload.org/.

Updates golang/go#26162

Change-Id: I415775aa523bcef3a52f1853de033f343b914e83
Reviewed-on: https://go-review.googlesource.com/122175
Reviewed-by: Brad Fitzpatrick
---
 cmd/godoc/handlers.go | 2 +-
 cmd/tip/tip.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/godoc/handlers.go b/cmd/godoc/handlers.go
index 137709bd21..a8447b371e 100644
--- a/cmd/godoc/handlers.go
+++ b/cmd/godoc/handlers.go
@@ -55,7 +55,7 @@ func (h hostEnforcerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 http.Redirect(w, r, r.URL.String(), http.StatusFound)
 return
 }
- w.Header().Set("Strict-Transport-Security", "max-age=31536000; preload")
+ w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
 h.h.ServeHTTP(w, r)
 }
 
diff --git a/cmd/tip/tip.go b/cmd/tip/tip.go
index 91032dc20e..35b06ec5bb 100644
--- a/cmd/tip/tip.go
+++ b/cmd/tip/tip.go
@@ -408,7 +408,7 @@ func (h httpsOnlyHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 if r.Header.Get("X-Appengine-Https") == "on" || r.Header.Get("X-Forwarded-Proto") == "https" || (!isProxiedReq(r) && r.TLS != nil) {
 // Only set this header when we're actually in production.
- w.Header().Set("Strict-Transport-Security", "max-age=31536000; preload")
+ w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
 }
 h.h.ServeHTTP(w, r)
 }
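Review bot: The new header value in hostEnforcerHandler.ServeHTTP has no comment recording the commitment that `includeSubDomains; preload` makes, and the same literal is repeated in httpsOnlyHandler.ServeHTTP in cmd/tip/tip.go. With `max-age=31536000`, a browser that receives it will refuse plain HTTP to every subdomain of the serving host for a year, and removal from the preload list is slow to reach users. I would add above both lines something like `// includeSubDomains + preload: every subdomain of this host must serve valid HTTPS; see hstspreload.org before changing.` The function body begins outside this hunk, so whether this line is reached only for HTTPS requests cannot be confirmed from here.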
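Review bot: The condition guarding the header in httpsOnlyHandler.ServeHTTP infers HTTPS from the `X-Appengine-Https` and `X-Forwarded-Proto` request headers, and the existing comment does not say who is trusted to set them. Those values are reliable only when a front end overwrites whatever the client sent. isProxiedReq is not visible in this hunk, so it is unclear whether it covers that case. Since the policy now extends to subdomains, a comment such as `// These headers are set by the trusted front end; a direct client must not be able to supply them.` would make the assumption explicit.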