harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

make strict transport security header optional

Browse Source
This commit is contained in:
redmatrix
2016-02-04 20:38:22 -08:00
parent bfeb89075f
commit 4250895243
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
boot.php
View File

@@ -2164,7 +2164,7 @@ function construct_page(&$a) {
// security headers - see https://securityheaders.io
if($a->get_scheme() === 'https')
if($a->get_scheme() === 'https' && $a->config['system']['transport_security_header'])
header("Strict-Transport-Security: max-age=31536000");
header("Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'");