From 26fd0c70022b747120c93a7884ab456229d419a6 Mon Sep 17 00:00:00 2001
From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com>
Date: Tue, 2 Jul 2024 17:07:53 +0100
Subject: [PATCH] Use HSTS for all responses

---
 TramsDataApi/Startup.cs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/TramsDataApi/Startup.cs b/TramsDataApi/Startup.cs
index 1aea3b82f..a616ad46e 100644
--- a/TramsDataApi/Startup.cs
+++ b/TramsDataApi/Startup.cs
@@ -111,6 +111,12 @@ public void ConfigureServices(IServiceCollection services)
 
             services.AddSingleton<IUseCase<string, ApiUser>, ApiKeyService>();
             services.AddSingleton<ApiUserEnricher>();
+            services.AddHsts(options =>
+            {
+                options.Preload = true;
+                options.IncludeSubDomains = true;
+                options.MaxAge = TimeSpan.FromDays(365);
+            });
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
@@ -140,6 +146,7 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IApiVers
             app.UseHttpsRedirection();
             app.UseRouting();
             app.UseAuthorization();
+            app.UseHsts();
 
             app.UseEndpoints(endpoints => { endpoints.MapControllers(); });
         }