wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow adding preload token to HSTS header

Browse Source 
Use by adding this to config.php:

addPlugin('StrictTransportSecurity', array('preloadToken'=>true));
This commit is contained in:
Mikael Nordfeldth 2015-05-03 23:05:47 +02:00
parent 6d72800098
commit cd42ee7e85
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/StrictTransportSecurity/StrictTransportSecurityPlugin.php
View File

@ -33,6 +33,7 @@ class StrictTransportSecurityPlugin extends Plugin
{ {
public $max_age = 15552000; public $max_age = 15552000;
public $includeSubDomains = false; public $includeSubDomains = false;
public $preloadToken = false;
function __construct() function __construct()
{ {
@ -44,7 +45,8 @@ class StrictTransportSecurityPlugin extends Plugin
$path = common_config('site', 'path'); $path = common_config('site', 'path');
if(common_config('site', 'ssl') == 'always' && ($path == '/' || ! $path )) { if(common_config('site', 'ssl') == 'always' && ($path == '/' || ! $path )) {
header('Strict-Transport-Security: max-age=' . $this->max_age header('Strict-Transport-Security: max-age=' . $this->max_age
. ($this->includeSubDomains ? '; includeSubDomains' : '')); . ($this->includeSubDomains ? '; includeSubDomains' : '')
. ($this->preloadToken ? '; preload' : ''));
} }
} }