Enable Strict-Transport-Security header for HTTPS

This commit is contained in:
Frederic Guillot 2015-05-17 13:40:56 -04:00
parent 72a7d43b0f
commit d189bda524
2 changed files with 6 additions and 0 deletions

View File

@ -33,6 +33,8 @@ defined('AUTO_UPDATE_BACKUP_DIRECTORY') or define('AUTO_UPDATE_BACKUP_DIRECTORY'
defined('RULES_DIRECTORY') or define('RULES_DIRECTORY', ROOT_DIRECTORY.DIRECTORY_SEPARATOR.'rules'); defined('RULES_DIRECTORY') or define('RULES_DIRECTORY', ROOT_DIRECTORY.DIRECTORY_SEPARATOR.'rules');
defined('ENABLE_HSTS') or define('ENABLE_HSTS', true);
require __DIR__.'/check_setup.php'; require __DIR__.'/check_setup.php';
PicoDb\Database::bootstrap('db', function() { PicoDb\Database::bootstrap('db', function() {

View File

@ -55,6 +55,10 @@ Router\before(function($action) {
Response\xframe(); Response\xframe();
Response\xss(); Response\xss();
Response\nosniff(); Response\nosniff();
if (ENABLE_HSTS && Helper\is_secure_connection()) {
Response\hsts();
}
}); });
// Show help // Show help