Allow adding preload token to HSTS header

Use by adding this to config.php:

addPlugin('StrictTransportSecurity', array('preloadToken'=>true));
This commit is contained in:
Mikael Nordfeldth 2015-05-03 23:05:47 +02:00
parent 6d72800098
commit cd42ee7e85

View File

@ -33,6 +33,7 @@ class StrictTransportSecurityPlugin extends Plugin
{
public $max_age = 15552000;
public $includeSubDomains = false;
public $preloadToken = false;
function __construct()
{
@ -44,7 +45,8 @@ class StrictTransportSecurityPlugin extends Plugin
$path = common_config('site', 'path');
if(common_config('site', 'ssl') == 'always' && ($path == '/' || ! $path )) {
header('Strict-Transport-Security: max-age=' . $this->max_age
. ($this->includeSubDomains ? '; includeSubDomains' : ''));
. ($this->includeSubDomains ? '; includeSubDomains' : '')
. ($this->preloadToken ? '; preload' : ''));
}
}