Skip to main content

src/plume@strict_transport_security.erl

-module(plume@strict_transport_security).
-compile([no_auto_import, nowarn_unused_vars, nowarn_unused_function, nowarn_nomatch, inline]).
-define(FILEPATH, "src/plume/strict_transport_security.gleam").
-export([to_string/1]).
-export_type([strict_transport_security/0]).

-if(?OTP_RELEASE >= 27).
-define(MODULEDOC(Str), -moduledoc(Str)).
-define(DOC(Str), -doc(Str)).
-else.
-define(MODULEDOC(Str), -compile([])).
-define(DOC(Str), -compile([])).
-endif.

?MODULEDOC(
    " Strict-Transport-Security\n"
    "\n"
    " This response header (often abbreviated as HSTS) lets a site tell browsers\n"
    " that it should only be accessed using HTTPS, and that any future attempts\n"
    " to access it using HTTP should be automatically converted to HTTPS. This\n"
    " helps protect against protocol downgrade attacks and cookie hijacking.\n"
    "\n"
    " See the [MDN docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security).\n"
).

-type strict_transport_security() :: {max_age, integer()} |
    {include_sub_domains, integer()} |
    {preload, integer()}.

-file("src/plume/strict_transport_security.gleam", 31).
?DOC(" Encode as the `Strict-Transport-Security` header value.\n").
-spec to_string(strict_transport_security()) -> binary().
to_string(Value) ->
    case Value of
        {max_age, Seconds} ->
            <<"max-age="/utf8, (erlang:integer_to_binary(Seconds))/binary>>;

        {include_sub_domains, Seconds@1} ->
            <<<<"max-age="/utf8, (erlang:integer_to_binary(Seconds@1))/binary>>/binary,
                "; includeSubDomains"/utf8>>;

        {preload, Seconds@2} ->
            <<<<"max-age="/utf8, (erlang:integer_to_binary(Seconds@2))/binary>>/binary,
                "; includeSubDomains; preload"/utf8>>
    end.