Enable Strict-Transport-Security header for HTTPS

2015-05-17 13:40:56 -04:00 · 2015-05-17 13:40:56 -04:00 · d189bda524
parent 72a7d43b0f
commit d189bda524
2 changed files with 6 additions and 0 deletions
--- a/common.php
+++ b/common.php
@ -33,6 +33,8 @@ defined('AUTO_UPDATE_BACKUP_DIRECTORY') or define('AUTO_UPDATE_BACKUP_DIRECTORY'

 defined('RULES_DIRECTORY') or define('RULES_DIRECTORY', ROOT_DIRECTORY.DIRECTORY_SEPARATOR.'rules');

+defined('ENABLE_HSTS') or define('ENABLE_HSTS', true);
+
 require __DIR__.'/check_setup.php';

 PicoDb\Database::bootstrap('db', function() {
--- a/controllers/common.php
+++ b/controllers/common.php
@ -55,6 +55,10 @@ Router\before(function($action) {
    Response\xframe();
    Response\xss();
    Response\nosniff();
+
+    if (ENABLE_HSTS && Helper\is_secure_connection()) {
+        Response\hsts();
+    }
 });

 // Show help