Struct HstsConfig 

pub struct HstsConfig {
    pub enabled: Option<bool>,
    pub max_age: Option<u32>,
    pub include_subdomains: Option<bool>,
    pub preload: Option<bool>,
    pub force_replace_backend: Option<bool>,
}

HSTS (HTTP Strict Transport Security, RFC 6797) policy attached to an HTTPS listener default or per-frontend. The materialised Strict-Transport-Security: max-age=N[; includeSubDomains][; preload] header is injected on every successful HTTPS response (including proxy-generated 3xx/401/5xx default answers). Per RFC 6797 §7.2 the header MUST NOT be emitted on plaintext-HTTP responses; sozu rejects HSTS configured on an HttpListenerConfig at config-load time and gates the runtime injection on context.protocol == Protocol::HTTPS.

Validation:

• enabled = true with max_age = None defaults max_age to 31536000 seconds (1 year) at config-load.
• max_age = 0 is the RFC 6797 §11.4 kill-switch and is allowed silently; 0 < max_age < 86400 warns.
• preload = true with max_age < 31536000 or include_subdomains != true warns (Chrome HSTS preload list prerequisites at https://hstspreload.org/).
• preload is opt-in only; never default-true (RFC 6797 §14.2 — removal from the preload list is slow and partial).

Fields

enabled: Option<bool>

Whether HSTS is enabled for this scope. Required whenever the parent message includes an HstsConfig — the partial-update path treats enabled = false as the explicit-disable signal.

max_age: Option<u32>

Strict-Transport-Security max-age directive in seconds. When enabled = true and this is unset, sozu substitutes 31536000 (1 year, HSTS preload list minimum) at config-load.

include_subdomains: Option<bool>

Append ; includeSubDomains to the rendered header.

preload: Option<bool>

Append ; preload to the rendered header. Opt-in only — see RFC 6797 §14.2 and https://hstspreload.org/.

force_replace_backend: Option<bool>

Operator opt-in to override any backend-supplied Strict-Transport-Security header with sozu’s typed policy.

RFC 6797 §6.1 default behaviour is to PRESERVE a backend-emitted STS header when one is already present (sozu’s HSTS edit uses HeaderEditMode::SetIfAbsent). That keeps the backend’s intent intact for upstreams that ship their own HSTS policy.

Set this to true for the harden-centrally case: backends behind sozu emit a stale or weak HSTS policy (e.g. legacy max-age=300) and the operator wants to enforce a stronger policy at the proxy edge unconditionally. The materialiser then uses HeaderEditMode::Set instead of SetIfAbsent, replacing every backend-supplied STS header with sozu’s rendered value.

Cite: https://datatracker.ietf.org/doc/html/rfc6797#section-6.1

Implementations

impl HstsConfig

pub fn enabled(&self) -> bool

Returns the value of enabled, or the default value if enabled is unset.

pub fn max_age(&self) -> u32

Returns the value of max_age, or the default value if max_age is unset.

pub fn include_subdomains(&self) -> bool

Returns the value of include_subdomains, or the default value if include_subdomains is unset.

pub fn preload(&self) -> bool

Returns the value of preload, or the default value if preload is unset.

pub fn force_replace_backend(&self) -> bool

Returns the value of force_replace_backend, or the default value if force_replace_backend is unset.

Trait Implementations

impl Clone for HstsConfig

fn clone(&self) -> HstsConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for HstsConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for HstsConfig

fn default() -> Self

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for HstsConfig

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Hash for HstsConfig

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl Message for HstsConfig

fn encoded_len(&self) -> usize

Returns the encoded length of the message without a length delimiter.

fn clear(&mut self)

Clears the message, resetting all fields to their default.

fn encode(&self, buf: &mut impl BufMut) -> Result<(), EncodeError>

where Self: Sized,

Encodes the message to a buffer.

fn encode_to_vec(&self) -> Vec<u8>

where Self: Sized,

Encodes the message to a newly allocated buffer.

fn encode_length_delimited( &self, buf: &mut impl BufMut, ) -> Result<(), EncodeError>

where Self: Sized,

Encodes the message with a length-delimiter to a buffer.

fn encode_length_delimited_to_vec(&self) -> Vec<u8>

where Self: Sized,

Encodes the message with a length-delimiter to a newly allocated buffer.

fn decode(buf: impl Buf) -> Result<Self, DecodeError>

where Self: Default,

Decodes an instance of the message from a buffer.

fn decode_length_delimited(buf: impl Buf) -> Result<Self, DecodeError>

where Self: Default,

Decodes a length-delimited instance of the message from the buffer.

fn merge(&mut self, buf: impl Buf) -> Result<(), DecodeError>

where Self: Sized,

Decodes an instance of the message from a buffer, and merges it into self.

fn merge_length_delimited(&mut self, buf: impl Buf) -> Result<(), DecodeError>

where Self: Sized,

Decodes a length-delimited instance of the message from buffer, and merges it into self.

impl Ord for HstsConfig

fn cmp(&self, other: &HstsConfig) -> Ordering

This method returns an Ordering between self and other.

fn max(self, other: Self) -> Self

where Self: Sized,

Compares and returns the maximum of two values.

fn min(self, other: Self) -> Self

where Self: Sized,

Compares and returns the minimum of two values.

fn clamp(self, min: Self, max: Self) -> Self

where Self: Sized,

Restrict a value to a certain interval.

impl PartialEq for HstsConfig

fn eq(&self, other: &HstsConfig) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PartialOrd for HstsConfig

fn partial_cmp(&self, other: &HstsConfig) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator.

impl Serialize for HstsConfig

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Copy for HstsConfig

impl Eq for HstsConfig

impl StructuralPartialEq for HstsConfig