Enable HSTS for all HTTPS requests

2024-05-12 16:52:32 +12:00 · 2022-11-21 16:49:45 +13:00 · 2022-11-21 16:49:45 +13:00 · 4a61718cff
parent 8f6a151980
commit 4a61718cff
1 changed files with 2 additions and 0 deletions
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@ -223,7 +223,9 @@ App::init()

                return $response->redirect('https://' . $request->getHostname() . $request->getURI());
            }
+        }

+        if ($request->getProtocol() === 'https') {
            $response->addHeader('Strict-Transport-Security', 'max-age=' . (60 * 60 * 24 * 126)); // 126 days
        }