Allow adding preload token to HSTS header
Use by adding this to config.php: addPlugin('StrictTransportSecurity', array('preloadToken'=>true));
This commit is contained in:
parent
6d72800098
commit
cd42ee7e85
@ -33,6 +33,7 @@ class StrictTransportSecurityPlugin extends Plugin
|
||||
{
|
||||
public $max_age = 15552000;
|
||||
public $includeSubDomains = false;
|
||||
public $preloadToken = false;
|
||||
|
||||
function __construct()
|
||||
{
|
||||
@ -44,7 +45,8 @@ class StrictTransportSecurityPlugin extends Plugin
|
||||
$path = common_config('site', 'path');
|
||||
if(common_config('site', 'ssl') == 'always' && ($path == '/' || ! $path )) {
|
||||
header('Strict-Transport-Security: max-age=' . $this->max_age
|
||||
. ($this->includeSubDomains ? '; includeSubDomains' : ''));
|
||||
. ($this->includeSubDomains ? '; includeSubDomains' : '')
|
||||
. ($this->preloadToken ? '; preload' : ''));
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user