Allow adding preload token to HSTS header

Use by adding this to config.php:

addPlugin('StrictTransportSecurity', array('preloadToken'=>true));

diff --git a/plugins/StrictTransportSecurity/StrictTransportSecurityPlugin.php b/plugins/StrictTransportSecurity/StrictTransportSecurityPlugin.php
index 91747f154344ff1a82d67ddb06b1493bf5346b27..675642135c4d2ef4bcf5d8035ac9f38ae65e3e9b 100644 (file)
--- a/plugins/StrictTransportSecurity/StrictTransportSecurityPlugin.php
+++ b/plugins/StrictTransportSecurity/StrictTransportSecurityPlugin.php
@@ -33,6 +33,7 @@ class StrictTransportSecurityPlugin extends Plugin
 {
     public $max_age = 15552000;
     public $includeSubDomains = false;
+    public $preloadToken = false;
 
     function __construct()
     {
@@ -44,7 +45,8 @@ class StrictTransportSecurityPlugin extends Plugin
         $path = common_config('site', 'path');
         if(common_config('site', 'ssl') == 'always' && ($path == '/' || ! $path )) {
             header('Strict-Transport-Security: max-age=' . $this->max_age
-                    . ($this->includeSubDomains ? '; includeSubDomains' : ''));
+                    . ($this->includeSubDomains ? '; includeSubDomains' : '')
+                    . ($this->preloadToken ? '; preload' : ''));
         }
     }