From: Lukas Reschke <lukas@statuscode.ch>
Date: Thu, 14 Feb 2013 18:23:29 +0000 (+0100)
Subject: Invalidate existing HSTS headers
X-Git-Tag: v5.0.0beta1~43^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=be194c5b5bef563ea38e85f784e6e9a3e8f181e1;p=nextcloud-server.git

Invalidate existing HSTS headers
---

diff --git a/lib/base.php b/lib/base.php
index fd9a1d41121..ff95a87e438 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -231,6 +231,11 @@ class OC {
 				header("Location: $url");
 				exit();
 			}
+		} else {
+			// Invalidate HSTS headers
+			if (OC_Request::serverProtocol() === 'https') {
+				header('Strict-Transport-Security: max-age=0');
+			}
 		}
 	}