Send a HSTS HTTP header to enforce SSL

author Lukas Reschke <lukas@statuscode.ch>

Wed, 10 Oct 2012 16:56:14 +0000 (18:56 +0200)

committer Lukas Reschke <lukas@statuscode.ch>

Wed, 10 Oct 2012 16:56:14 +0000 (18:56 +0200)
author Lukas Reschke <lukas@statuscode.ch>
Wed, 10 Oct 2012 16:56:14 +0000 (18:56 +0200)
committer Lukas Reschke <lukas@statuscode.ch>
Wed, 10 Oct 2012 16:56:14 +0000 (18:56 +0200)
diff --git a/lib/base.php b/lib/base.php

index c898273d9e24c065a56a25916e37aec45b50a0d7..21b7165e5e83ce2acbbc20219d7781866265a3e4 100644 (file)
--- a/lib/base.php
+++ b/lib/base.php
@@ -193,6 +193,7 @@ class OC{
         public static function checkSSL() {
                 // redirect to https site if configured
                 if( OC_Config::getValue( "forcessl", false )) {
+                       header('Strict-Transport-Security: max-age=31536000');
                         ini_set("session.cookie_secure", "on");
                         if(OC_Request::serverProtocol()<>'https' and !OC::$CLI) {
                                 $url = "https://". OC_Request::serverHost() . $_SERVER['REQUEST_URI'];
author	Lukas Reschke <lukas@statuscode.ch>
	Wed, 10 Oct 2012 16:56:14 +0000 (18:56 +0200)
committer	Lukas Reschke <lukas@statuscode.ch>
	Wed, 10 Oct 2012 16:56:14 +0000 (18:56 +0200)