From f5e971819f9643b8328fd09f23b234d631594614 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Piotr=20Poniedzia=C5=82ek?= <pondzix@gmail.com>
Date: Mon, 29 Jan 2024 13:33:36 +0100
Subject: [PATCH] Surround HSTS header value with `""` + add endpoint to
 openapi.yaml

---
 provisioning/resources/configs/openapi.yaml       | 15 ++++++++++++---
 .../resources/control-plane/add_hsts_header.go    |  2 +-
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/provisioning/resources/configs/openapi.yaml b/provisioning/resources/configs/openapi.yaml
index f94b0a61..ab305ccf 100644
--- a/provisioning/resources/configs/openapi.yaml
+++ b/provisioning/resources/configs/openapi.yaml
@@ -221,9 +221,18 @@ paths:
           description: "Telemetry has been reconfigured"
         "401":
           description: "Unauthorized"
-      
-      
-      
+  /add-hsts:
+    put:
+      tags:
+      - "configuration"
+      summary: "Add HSTS header"
+      description: "Adds HSTS header to underlying caddy configuration. When added, 'Strict-Transport-Security' header is returned for each HTTPS response"
+      operationId: "addHsts"
+      responses:
+        "200":
+          description: "HSTS header has been added"
+        "401":
+          description: "Unauthorized"
       
   /restart-services:
     put:
diff --git a/provisioning/resources/control-plane/add_hsts_header.go b/provisioning/resources/control-plane/add_hsts_header.go
index e6956b20..67849fed 100644
--- a/provisioning/resources/control-plane/add_hsts_header.go
+++ b/provisioning/resources/control-plane/add_hsts_header.go
@@ -31,7 +31,7 @@ func addHstsHeader(configPath string) error {
 		`
       handle @isHttps {
         import handleProtectedPaths
-        header Strict-Transport-Security max-age=31536000; includeSubDomains
+        header Strict-Transport-Security "max-age=31536000; includeSubDomains"
       }
 `
 	newCaddyConfig := strings.Replace(string(currentConfig), toReplacePattern, replaceWithHsts, 1)