{
public $max_age = 15552000;
public $includeSubDomains = false;
+ public $preloadToken = false;
function __construct()
{
function onArgsInitialize($args)
{
$path = common_config('site', 'path');
- if(common_config('site', 'ssl') == 'always' && ($path == '/' || ! $path )) {
+ if (GNUsocial::useHTTPS() && ($path == '/' || mb_strlen($path)==0 )) {
header('Strict-Transport-Security: max-age=' . $this->max_age
- . ($this->includeSubDomains ? '; includeSubDomains' : ''));
+ . ($this->includeSubDomains ? '; includeSubDomains' : '')
+ . ($this->preloadToken ? '; preload' : ''));
}
}
- function onPluginVersion(&$versions)
+ function onPluginVersion(array &$versions)
{
$versions[] = array('name' => 'StrictTransportSecurity',
'version' => GNUSOCIAL_VERSION,
'author' => 'Craig Andrews',
- 'homepage' => 'http://status.net/wiki/Plugin:StrictTransportSecurity',
+ 'homepage' => 'https://git.gnu.io/gnu/gnu-social/tree/master/plugins/StrictTransportSecurity',
'rawdescription' =>
// TRANS: Plugin description.
_m('The Strict Transport Security plugin implements the Strict Transport Security header, improving the security of HTTPS only sites.'));
projects / quix0rs-gnu-social.git / blobdiff