From: Mikael Nordfeldth <mmn@hethane.se>
Date: Sun, 3 May 2015 21:05:47 +0000 (+0200)
Subject: Allow adding preload token to HSTS header
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=cd42ee7e85053bd3a2a2f364e4d2dbd84724f5b1;p=quix0rs-gnu-social.git

Allow adding preload token to HSTS header

Use by adding this to config.php:

addPlugin('StrictTransportSecurity', array('preloadToken'=>true));
---

diff --git a/plugins/StrictTransportSecurity/StrictTransportSecurityPlugin.php b/plugins/StrictTransportSecurity/StrictTransportSecurityPlugin.php
index 91747f1543..675642135c 100644
--- a/plugins/StrictTransportSecurity/StrictTransportSecurityPlugin.php
+++ b/plugins/StrictTransportSecurity/StrictTransportSecurityPlugin.php
@@ -33,6 +33,7 @@ class StrictTransportSecurityPlugin extends Plugin
 {
     public $max_age = 15552000;
     public $includeSubDomains = false;
+    public $preloadToken = false;
 
     function __construct()
     {
@@ -44,7 +45,8 @@ class StrictTransportSecurityPlugin extends Plugin
         $path = common_config('site', 'path');
         if(common_config('site', 'ssl') == 'always' && ($path == '/' || ! $path )) {
             header('Strict-Transport-Security: max-age=' . $this->max_age
-                    . ($this->includeSubDomains ? '; includeSubDomains' : ''));
+                    . ($this->includeSubDomains ? '; includeSubDomains' : '')
+                    . ($this->preloadToken ? '; preload' : ''));
         }
     }