From cbb21c0fbb96fa7c4ce5e7eca587e98951453c3c Mon Sep 17 00:00:00 2001
From: Jose Quintana <1700322+joseluisq@users.noreply.github.com>
Date: Mon, 5 Jun 2023 02:28:12 +0200
Subject: [PATCH] fix: security headers not enabled by default when using config (#216)

now the `security-headers` are enabled by default (not defined in
config.toml) if `http2` is enabled.
---
 src/settings/mod.rs |  9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/settings/mod.rs b/src/settings/mod.rs
index 746d9d7..9edf342 100644
--- a/src/settings/mod.rs
+++ b/src/settings/mod.rs
@@ -197,8 +197,13 @@ impl Settings {
                     if let Some(v) = general.https_redirect_from_hosts {
                         https_redirect_from_hosts = v
                     }
-                    if let Some(v) = general.security_headers {
-                        security_headers = v
+                    match general.security_headers {
+                        Some(v) => security_headers = v,
+                        _ => {
+                            if http2 {
+                                security_headers = true;
+                            }
+                        }
                     }
                     if let Some(ref v) = general.cors_allow_origins {
                         cors_allow_origins = v.to_owned()
--
libgit2 1.7.2