2010-10-27 04:46:18 +01:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* StatusNet, the distributed open-source microblogging tool
|
|
|
|
|
*
|
2013-08-29 15:20:43 +01:00
|
|
|
* Plugin to enable Strict Transport Security headers
|
2010-10-27 04:46:18 +01:00
|
|
|
*
|
|
|
|
|
* PHP version 5
|
|
|
|
|
*
|
|
|
|
|
* LICENCE: This program is free software: you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU Affero General Public License as published by
|
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
*
|
|
|
|
|
* @category Plugin
|
|
|
|
|
* @package StatusNet
|
|
|
|
|
* @author Craig Andrews <candrews@integralblue.com>
|
|
|
|
|
* @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
|
|
|
|
|
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
|
|
|
|
* @link http://status.net/
|
|
|
|
|
*/
|
|
|
|
|
|
2015-05-03 21:50:44 +01:00
|
|
|
if (!defined('GNUSOCIAL')) { exit(1); }
|
2010-10-27 04:46:18 +01:00
|
|
|
|
|
|
|
|
class StrictTransportSecurityPlugin extends Plugin
|
|
|
|
|
{
|
2019-06-03 01:56:52 +01:00
|
|
|
const PLUGIN_VERSION = '2.0.0';
|
|
|
|
|
|
2010-10-27 04:46:18 +01:00
|
|
|
public $max_age = 15552000;
|
|
|
|
|
public $includeSubDomains = false;
|
2015-05-03 22:05:47 +01:00
|
|
|
public $preloadToken = false;
|
2010-10-27 04:46:18 +01:00
|
|
|
|
|
|
|
|
function __construct()
|
|
|
|
|
{
|
|
|
|
|
parent::__construct();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function onArgsInitialize($args)
|
|
|
|
|
{
|
|
|
|
|
$path = common_config('site', 'path');
|
2016-02-09 23:57:39 +00:00
|
|
|
if (GNUsocial::useHTTPS() && ($path == '/' || mb_strlen($path)==0 )) {
|
2015-05-03 21:50:44 +01:00
|
|
|
header('Strict-Transport-Security: max-age=' . $this->max_age
|
2015-05-03 22:05:47 +01:00
|
|
|
. ($this->includeSubDomains ? '; includeSubDomains' : '')
|
|
|
|
|
. ($this->preloadToken ? '; preload' : ''));
|
2010-10-27 04:46:18 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-12 15:03:30 +01:00
|
|
|
public function onPluginVersion(array &$versions): bool
|
2010-10-27 04:46:18 +01:00
|
|
|
{
|
|
|
|
|
$versions[] = array('name' => 'StrictTransportSecurity',
|
2019-06-03 01:56:52 +01:00
|
|
|
'version' => self::PLUGIN_VERSION,
|
2010-10-27 04:46:18 +01:00
|
|
|
'author' => 'Craig Andrews',
|
2019-11-21 00:21:22 +00:00
|
|
|
'homepage' => GNUSOCIAL_ENGINE_REPO_URL . 'tree/master/plugins/StrictTransportSecurity',
|
2010-10-27 04:46:18 +01:00
|
|
|
'rawdescription' =>
|
2011-06-05 23:37:10 +01:00
|
|
|
// TRANS: Plugin description.
|
2010-10-27 04:46:18 +01:00
|
|
|
_m('The Strict Transport Security plugin implements the Strict Transport Security header, improving the security of HTTPS only sites.'));
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
