/**
* StatusNet, the distributed open-source microblogging tool
*
- * Plugin to enable Single Sign On via CAS (Central Authentication Service)
+ * Plugin to enable Strict Transport Security headers
*
* PHP version 5
*
* @link http://status.net/
*/
-if (!defined('STATUSNET') && !defined('LACONICA')) {
- exit(1);
-}
+if (!defined('GNUSOCIAL')) { exit(1); }
class StrictTransportSecurityPlugin extends Plugin
{
public $max_age = 15552000;
public $includeSubDomains = false;
+ public $preloadToken = false;
function __construct()
{
parent::__construct();
}
- function onArgsInitialize($args)
+ function onArgsInitialize(array &$args)
{
$path = common_config('site', 'path');
if(common_config('site', 'ssl') == 'always' && ($path == '/' || ! $path )) {
- header('Strict-Transport-Security: max-age=' . $this->max_age . + ($this->includeSubDomains?'; includeSubDomains':''));
+ header('Strict-Transport-Security: max-age=' . $this->max_age
+ . ($this->includeSubDomains ? '; includeSubDomains' : '')
+ . ($this->preloadToken ? '; preload' : ''));
}
}
- function onPluginVersion(&$versions)
+ function onPluginVersion(array &$versions)
{
$versions[] = array('name' => 'StrictTransportSecurity',
- 'version' => STATUSNET_VERSION,
+ 'version' => GNUSOCIAL_VERSION,
'author' => 'Craig Andrews',
'homepage' => 'http://status.net/wiki/Plugin:StrictTransportSecurity',
'rawdescription' =>
+ // TRANS: Plugin description.
_m('The Strict Transport Security plugin implements the Strict Transport Security header, improving the security of HTTPS only sites.'));
return true;
}