From c1ae91364c25a9722f19e66e5360eddf61642b8a Mon Sep 17 00:00:00 2001
From: Steve Kamerman <stevekamerman@gmail.com>
Date: Mon, 26 Mar 2018 14:57:50 -0400
Subject: [PATCH 1/2] Added endpoint to allow testing alternate response codes

---
 test/requirements/web/webserver.py | 37 ++++++++++++++++++------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/test/requirements/web/webserver.py b/test/requirements/web/webserver.py
index 305c207..9334657 100755
--- a/test/requirements/web/webserver.py
+++ b/test/requirements/web/webserver.py
@@ -1,28 +1,35 @@
 #!/usr/bin/env python3
 
-import os, sys
+import os, sys, re
 import http.server
 import socketserver
 
-
 class Handler(http.server.SimpleHTTPRequestHandler):
     def do_GET(self):
-        
-        self.send_response(200)
+
+        response_body = ""
+        response_code = 200
+
+        if self.path == "/headers":
+            response_body += self.headers.as_string()
+        elif self.path == "/port":
+            response_body += "answer from port %s\n" % PORT
+        elif re.match("/status/(\d+)", self.path):
+            result = re.match("/status/(\d+)", self.path)
+            response_code = int(result.group(1))
+            response_body += "answer with response code %s\n" % response_code
+        elif self.path == "/":
+            response_body += "I'm %s\n" % os.environ['HOSTNAME']
+        else:
+            response_body += "No route for this path!\n"
+            response_code = 404
+
+        self.send_response(response_code)
         self.send_header("Content-Type", "text/plain")
         self.end_headers()
 
-        if self.path == "/headers":
-            self.wfile.write(self.headers.as_string().encode())
-        elif self.path == "/port":
-            response = "answer from port %s\n" % PORT
-            self.wfile.write(response.encode())
-        elif self.path == "/":
-            response = "I'm %s\n" % os.environ['HOSTNAME']
-            self.wfile.write(response.encode())
-        else:
-            self.wfile.write("No route for this path!\n".encode())
-
+        if (len(response_body)):
+            self.wfile.write(response_body.encode())
 
 if __name__ == '__main__':
     PORT = int(sys.argv[1])

From 3590c1bae00df9a00f0d258282668b36d0380eef Mon Sep 17 00:00:00 2001
From: Steve Kamerman <stevekamerman@gmail.com>
Date: Mon, 26 Mar 2018 14:58:06 -0400
Subject: [PATCH 2/2] Added regression test to ensure HSTS works for errors

---
 test/test_ssl/test_hsts.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/test/test_ssl/test_hsts.py b/test/test_ssl/test_hsts.py
index 180f274..554d79a 100644
--- a/test/test_ssl/test_hsts.py
+++ b/test/test_ssl/test_hsts.py
@@ -7,6 +7,13 @@ def test_web1_HSTS_default(docker_compose, nginxproxy):
     assert "Strict-Transport-Security" in r.headers
     assert "max-age=31536000" == r.headers["Strict-Transport-Security"]
 
+# Regression test to ensure HSTS is enabled even when the upstream sends an error in response
+# Issue #1073 https://github.com/jwilder/nginx-proxy/pull/1073
+def test_web1_HSTS_error(docker_compose, nginxproxy):
+    r = nginxproxy.get("https://web1.nginx-proxy.tld/status/500", allow_redirects=False)
+    assert "Strict-Transport-Security" in r.headers
+    assert "max-age=31536000" == r.headers["Strict-Transport-Security"]
+
 def test_web2_HSTS_off(docker_compose, nginxproxy):
     r = nginxproxy.get("https://web2.nginx-proxy.tld/port", allow_redirects=False)
     assert "answer from port 81\n" in r.text