From cd42ee7e85053bd3a2a2f364e4d2dbd84724f5b1 Mon Sep 17 00:00:00 2001
From: Mikael Nordfeldth <mmn@hethane.se>
Date: Sun, 3 May 2015 23:05:47 +0200
Subject: [PATCH] Allow adding preload token to HSTS header

Use by adding this to config.php:

addPlugin('StrictTransportSecurity', array('preloadToken'=>true));
---
 .../StrictTransportSecurity/StrictTransportSecurityPlugin.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/plugins/StrictTransportSecurity/StrictTransportSecurityPlugin.php b/plugins/StrictTransportSecurity/StrictTransportSecurityPlugin.php
index 91747f1543..675642135c 100644
--- a/plugins/StrictTransportSecurity/StrictTransportSecurityPlugin.php
+++ b/plugins/StrictTransportSecurity/StrictTransportSecurityPlugin.php
@@ -33,6 +33,7 @@ class StrictTransportSecurityPlugin extends Plugin
 {
     public $max_age = 15552000;
     public $includeSubDomains = false;
+    public $preloadToken = false;
 
     function __construct()
     {
@@ -44,7 +45,8 @@ class StrictTransportSecurityPlugin extends Plugin
         $path = common_config('site', 'path');
         if(common_config('site', 'ssl') == 'always' && ($path == '/' || ! $path )) {
             header('Strict-Transport-Security: max-age=' . $this->max_age
-                    . ($this->includeSubDomains ? '; includeSubDomains' : ''));
+                    . ($this->includeSubDomains ? '; includeSubDomains' : '')
+                    . ($this->preloadToken ? '; preload' : ''));
         }
     }