Send a HSTS HTTP header to enforce SSL

author: Lukas Reschke <lukas@statuscode.ch> 2012-10-10 18:56:14 +0200
committer: Lukas Reschke <lukas@statuscode.ch> 2012-10-10 18:56:14 +0200
commit: cda213596672b50e4c1dff3846444a61a47cfd7d (patch)
tree: ee1921c0f402a34df3cd65d519a73d905ee35e24 /lib/base.php
parent: 2f4b1b0e4c52b1685642513482a697f9ab1e5fc1 (diff)
download: nextcloud-server-cda213596672b50e4c1dff3846444a61a47cfd7d.tar.gz
nextcloud-server-cda213596672b50e4c1dff3846444a61a47cfd7d.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/base.php b/lib/base.php
index c898273d9e2..21b7165e5e8 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -193,6 +193,7 @@ class OC{
 	public static function checkSSL() {
 		// redirect to https site if configured
 		if( OC_Config::getValue( "forcessl", false )) {
+			header('Strict-Transport-Security: max-age=31536000');
 			ini_set("session.cookie_secure", "on");
 			if(OC_Request::serverProtocol()<>'https' and !OC::$CLI) {
 				$url = "https://". OC_Request::serverHost() . $_SERVER['REQUEST_URI'];
author	Lukas Reschke <lukas@statuscode.ch>	2012-10-10 18:56:14 +0200
committer	Lukas Reschke <lukas@statuscode.ch>	2012-10-10 18:56:14 +0200
commit	cda213596672b50e4c1dff3846444a61a47cfd7d (patch)
tree	ee1921c0f402a34df3cd65d519a73d905ee35e24 /lib/base.php
parent	2f4b1b0e4c52b1685642513482a697f9ab1e5fc1 (diff)
download	nextcloud-server-cda213596672b50e4c1dff3846444a61a47cfd7d.tar.gz nextcloud-server-cda213596672b50e4c1dff3846444a61a47cfd7d.zip