Merge pull request #1705 from owncloud/DisableHSTS

Invalidate existing HSTS headers
author: Lukas Reschke <lukas@statuscode.ch> 2013-02-14 11:33:26 -0800
committer: Lukas Reschke <lukas@statuscode.ch> 2013-02-14 11:33:26 -0800
commit: b6cbfc9cfe90533d13f51e9e91b91e965e88d39e (patch)
tree: a7be5d82375e16621373b8117a0f9182c2161ebe
parent: 5624f1b838575fc26d45d97e7aa6ea2f58bf29e3 (diff)
parent: be194c5b5bef563ea38e85f784e6e9a3e8f181e1 (diff)
download: nextcloud-server-b6cbfc9cfe90533d13f51e9e91b91e965e88d39e.tar.gz
nextcloud-server-b6cbfc9cfe90533d13f51e9e91b91e965e88d39e.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/base.php b/lib/base.php
index fd9a1d41121..ff95a87e438 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -231,6 +231,11 @@ class OC {
 				header("Location: $url");
 				exit();
 			}
+		} else {
+			// Invalidate HSTS headers
+			if (OC_Request::serverProtocol() === 'https') {
+				header('Strict-Transport-Security: max-age=0');
+			}
 		}
 	}
author	Lukas Reschke <lukas@statuscode.ch>	2013-02-14 11:33:26 -0800
committer	Lukas Reschke <lukas@statuscode.ch>	2013-02-14 11:33:26 -0800
commit	b6cbfc9cfe90533d13f51e9e91b91e965e88d39e (patch)
tree	a7be5d82375e16621373b8117a0f9182c2161ebe
parent	5624f1b838575fc26d45d97e7aa6ea2f58bf29e3 (diff)
parent	be194c5b5bef563ea38e85f784e6e9a3e8f181e1 (diff)
download	nextcloud-server-b6cbfc9cfe90533d13f51e9e91b91e965e88d39e.tar.gz nextcloud-server-b6cbfc9cfe90533d13f51e9e91b91e965e88d39e.zip