From 4a61718cff790583a99bb729a1577198d522a860 Mon Sep 17 00:00:00 2001
From: Jake Barnby <jakeb994@gmail.com>
Date: Mon, 21 Nov 2022 16:49:45 +1300
Subject: [PATCH] Enable HSTS for all HTTPS requests

---
 app/controllers/general.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/controllers/general.php b/app/controllers/general.php
index 069a91868..0c10dd46e 100644
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@@ -223,7 +223,9 @@ App::init()
 
                 return $response->redirect('https://' . $request->getHostname() . $request->getURI());
             }
+        }
 
+        if ($request->getProtocol() === 'https') {
             $response->addHeader('Strict-Transport-Security', 'max-age=' . (60 * 60 * 24 * 126)); // 126 days
         }