forked from GNUsocial/gnu-social
46f98b3142
The core plugins whose version was attached to GS's were reseted to 2.0.0. 2.0.0 was chosen as reset version for plugins because it is higher than the one that was set by inheriting GS version. Furthermore, it's a major change from prior plugin versioning system thus it also makes semantic sense. Justification for version bump: == GS == 9a4ab31f26 1.19.0 |
||
---|---|---|
.. | ||
locale | ||
README | ||
StrictTransportSecurityPlugin.php |
The Strict Transport Security plugin implements the Strict Transport Security header, improving the security of HTTPS only sites. See http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html for the specification. Installation ============ add "addPlugin('strictTransportSecurity');" to the bottom of your config.php The plugin will not do anything unless: $config['site']['ssl'] is set to something other than 'never' $config['site']['path'] is either not set, empty, or '/' Settings ======== max_age (15552000): sets how long to remember the forced HTTPS (seconds) (15552000 seconds is 180 days) includeSubDomains (false): if set, then STS will apply to all the sub-domains too. Example ======= addPlugin('strictTransportSecurity');