| Top |  |  |  |  | 
| SoupHSTSEnforcerSoupHSTSEnforcer — Automatic HTTP Strict Transport Security enforcing for SoupSession | 
Functions
| SoupHSTSEnforcer * | soup_hsts_enforcer_new () | 
| gboolean | soup_hsts_enforcer_is_persistent () | 
| gboolean | soup_hsts_enforcer_has_valid_policy () | 
| void | soup_hsts_enforcer_set_policy () | 
| void | soup_hsts_enforcer_set_session_policy () | 
| GList * | soup_hsts_enforcer_get_domains () | 
| GList * | soup_hsts_enforcer_get_policies () | 
| SoupHSTSPolicy * | soup_hsts_policy_new () | 
| SoupHSTSPolicy * | soup_hsts_policy_new_full () | 
| SoupHSTSPolicy * | soup_hsts_policy_new_from_response () | 
| SoupHSTSPolicy * | soup_hsts_policy_copy () | 
| gboolean | soup_hsts_policy_equal () | 
| void | soup_hsts_policy_free () | 
| const char * | soup_hsts_policy_get_domain () | 
| gboolean | soup_hsts_policy_is_expired () | 
| gboolean | soup_hsts_policy_includes_subdomains () | 
| gboolean | soup_hsts_policy_is_session_policy () | 
Description
A SoupHSTSEnforcer stores HSTS policies and enforces them when
required. SoupHSTSEnforcer implements SoupSessionFeature, so you
can add an HSTS enforcer to a session with
soup_session_add_feature() or soup_session_add_feature_by_type().
SoupHSTSEnforcer keeps track of all the HTTPS destinations that, when connected to, return the Strict-Transport-Security header with valid values. SoupHSTSEnforcer will forget those destinations upon expiry or when the server requests it.
When the SoupSession the SoupHSTSEnforcer is attached to queues or restarts a message, the SoupHSTSEnforcer will rewrite the URI to HTTPS if the destination is a known HSTS host and is contacted over an insecure transport protocol (HTTP). Users of SoupHSTSEnforcer are advised to listen to changes in SoupMessage:uri in order to be aware of changes in the message URI.
Note that SoupHSTSEnforcer does not support any form of long-term HSTS policy persistence. See SoupHSTSDBEnforcer for a persistent enforcer.
Functions
soup_hsts_enforcer_new ()
SoupHSTSEnforcer *
soup_hsts_enforcer_new (void);
Creates a new SoupHSTSEnforcer. The base SoupHSTSEnforcer class does not support persistent storage of HSTS policies, see SoupHSTSEnforcerDB for that.
Since: 2.68
soup_hsts_enforcer_is_persistent ()
gboolean
soup_hsts_enforcer_is_persistent (SoupHSTSEnforcer *hsts_enforcer);
Gets whether hsts_enforcer
 stores policies persistenly.
Since: 2.68
soup_hsts_enforcer_has_valid_policy ()
gboolean soup_hsts_enforcer_has_valid_policy (SoupHSTSEnforcer *hsts_enforcer,const char *domain);
Gets whether hsts_enforcer
 has a currently valid policy for domain
.
Since: 2.68
soup_hsts_enforcer_set_policy ()
void soup_hsts_enforcer_set_policy (SoupHSTSEnforcer *hsts_enforcer,SoupHSTSPolicy *policy);
Sets policy
 to hsts_enforcer
. If policy
 is expired, any
existing HSTS policy for its host will be removed instead. If a
policy existed for this host, it will be replaced. Otherwise, the
new policy will be inserted. If the policy is a session policy, that
is, one created with soup_hsts_policy_new_session_policy(), the policy
will not expire and will be enforced during the lifetime of
hsts_enforcer
's SoupSession.
Since: 2.68
soup_hsts_enforcer_set_session_policy ()
void soup_hsts_enforcer_set_session_policy (SoupHSTSEnforcer *hsts_enforcer,const char *domain,gboolean include_subdomains);
Sets a session policy for domain
. A session policy is a policy
that is permanent to the lifetime of hsts_enforcer
's SoupSession
and doesn't expire.
Parameters
| hsts_enforcer | ||
| domain | policy domain or hostname | |
| include_subdomains | 
 | 
Since: 2.68
soup_hsts_enforcer_get_domains ()
GList * soup_hsts_enforcer_get_domains (SoupHSTSEnforcer *hsts_enforcer,gboolean session_policies);
Gets a list of domains for which there are policies in enforcer
.
Returns
a newly allocated
list of domains. Use g_list_free_full() and g_free() to free the
list. 
[element-type utf8][transfer full]
Since: 2.68
soup_hsts_enforcer_get_policies ()
GList * soup_hsts_enforcer_get_policies (SoupHSTSEnforcer *hsts_enforcer,gboolean session_policies);
Gets a list with the policies in enforcer
.
Returns
a newly
allocated list of policies. Use g_list_free_full() and
soup_hsts_policy_free() to free the list. 
[element-type SoupHSTSPolicy][transfer full]
Since: 2.68
soup_hsts_policy_new ()
SoupHSTSPolicy * soup_hsts_policy_new (const char *domain,unsigned long max_age,gboolean include_subdomains);
Creates a new SoupHSTSPolicy with the given attributes.
domain
 is a domain on which the strict transport security policy
represented by this object must be enforced.
max_age
 is used to set the "expires" attribute on the policy; pass
SOUP_HSTS_POLICY_MAX_AGE_PAST for an already-expired policy, or a
lifetime in seconds.
If include_subdomains
 is TRUE, the strict transport security policy
must also be enforced on all subdomains of domain
.
Parameters
| domain | policy domain or hostname | |
| max_age | max age of the policy | |
| include_subdomains | 
 | 
Since: 2.68
soup_hsts_policy_new_full ()
SoupHSTSPolicy * soup_hsts_policy_new_full (const char *domain,unsigned long max_age,SoupDate *expires,gboolean include_subdomains);
Full version of soup_hsts_policy_new(), to use with an existing
expiration date. See soup_hsts_policy_new() for details.
Parameters
| domain | policy domain or hostname | |
| max_age | max age of the policy | |
| expires | the date of expiration of the policy or  | |
| include_subdomains | 
 | 
Since: 2.68
soup_hsts_policy_new_from_response ()
SoupHSTSPolicy *
soup_hsts_policy_new_from_response (SoupMessage *msg);
Parses msg
's first "Strict-Transport-Security" response header and
returns a SoupHSTSPolicy.
Returns
a new SoupHSTSPolicy, or NULL if no valid
"Strict-Transport-Security" response header was found. 
[nullable]
Since: 2.68
soup_hsts_policy_copy ()
SoupHSTSPolicy *
soup_hsts_policy_copy (SoupHSTSPolicy *policy);
Copies policy
.
Since: 2.68
soup_hsts_policy_equal ()
gboolean soup_hsts_policy_equal (SoupHSTSPolicy *policy1,SoupHSTSPolicy *policy2);
Tests if policy1
 and policy2
 are equal.
Since: 2.68
soup_hsts_policy_free ()
void
soup_hsts_policy_free (SoupHSTSPolicy *policy);
Frees policy
.
Since: 2.68
soup_hsts_policy_get_domain ()
const char *
soup_hsts_policy_get_domain (SoupHSTSPolicy *policy);
Gets policy
's domain.
Since: 2.68
soup_hsts_policy_is_expired ()
gboolean
soup_hsts_policy_is_expired (SoupHSTSPolicy *policy);
Gets whether policy
 is expired. Permanent policies never
expire.
Since: 2.68
soup_hsts_policy_includes_subdomains ()
gboolean
soup_hsts_policy_includes_subdomains (SoupHSTSPolicy *policy);
Gets whether policy
 include its subdomains.
Since: 2.68
soup_hsts_policy_is_session_policy ()
gboolean
soup_hsts_policy_is_session_policy (SoupHSTSPolicy *policy);
Gets whether policy
 is a non-permanent, non-expirable session policy.
see soup_hsts_policy_new_session_policy() for details.
Since: 2.68
Types and Values
SoupHSTSEnforcerClass
typedef struct {
	GObjectClass parent_class;
	gboolean (*is_persistent) (SoupHSTSEnforcer *hsts_enforcer);
	gboolean (*has_valid_policy) (SoupHSTSEnforcer *hsts_enforcer, const char *domain);
	/* signals */
	void (*changed) (SoupHSTSEnforcer *enforcer,
			 SoupHSTSPolicy	  *old_policy,
			 SoupHSTSPolicy	  *new_policy);
	void (*hsts_enforced) (SoupHSTSEnforcer *enforcer,
			       SoupMessage      *message);
	/* Padding for future expansion */
	void (*_libsoup_reserved1) (void);
	void (*_libsoup_reserved2) (void);
	void (*_libsoup_reserved3) (void);
	void (*_libsoup_reserved4) (void);
} SoupHSTSEnforcerClass;
Members
| The  | ||
| The  | ||
| the class closure for the “changed” signal. | ||
SoupHSTSPolicy
typedef struct {
	char                 *domain;
	unsigned long         max_age;
	SoupDate             *expires;
	gboolean              include_subdomains;
} SoupHSTSPolicy;
An HTTP Strict Transport Security policy.
domain
 represents the host that this policy applies to. The domain
must be IDNA-canonicalized. soup_hsts_policy_new() and related methods
will do this for you.
max_age
 contains the 'max-age' value from the Strict Transport
Security header and indicates the time to live of this policy,
in seconds.
expires
 will be non-NULL if the policy has been set by the host and
hence has an expiry time. If expires
 is NULL, it indicates that the
policy is a permanent session policy set by the user agent.
If include_subdomains
 is TRUE, the Strict Transport Security policy
must also be enforced on subdomains of domain
.
Members
| The domain or hostname that the policy applies to | ||
| The maximum age, in seconds, that the policy is valid | ||
| SoupDate * | the policy expiration time, or  | |
| 
 | 
Since: 2.68
Signal Details
The “changed” signal
void user_function (SoupHSTSEnforcer *hsts_enforcer, SoupHSTSPolicy *old_policy, SoupHSTSPolicy *new_policy, gpointer user_data)
Emitted when hsts_enforcer
 changes. If a policy has been added,
new_policy
 will contain the newly-added policy and
old_policy
 will be NULL. If a policy has been deleted,
old_policy
 will contain the to-be-deleted policy and
new_policy
 will be NULL. If a policy has been changed,
old_policy
 will contain its old value, and new_policy
 its
new value.
Note that you shouldn't modify the policies from a callback to this signal.
Parameters
| hsts_enforcer | the SoupHSTSEnforcer | |
| old_policy | the old SoupHSTSPolicy value | |
| new_policy | the new SoupHSTSPolicy value | |
| user_data | user data set when the signal handler was connected. | 
Flags: Run First
The “hsts-enforced” signal
void user_function (SoupHSTSEnforcer *hsts_enforcer, SoupMessage *message, gpointer user_data)
Emitted when hsts_enforcer
 has upgraded the protocol
for message
 to HTTPS as a result of matching its domain with
a HSTS policy.
Parameters
| hsts_enforcer | the SoupHSTSEnforcer | |
| message | the message for which HSTS is being enforced | |
| user_data | user data set when the signal handler was connected. | 
Flags: Run First
