12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 |
- <?php
- if (!defined('GNUSOCIAL')) { exit(1); }
- class StrictTransportSecurityPlugin extends Plugin
- {
- const PLUGIN_VERSION = '2.0.0';
- public $max_age = 15552000;
- public $includeSubDomains = false;
- public $preloadToken = false;
- function __construct()
- {
- parent::__construct();
- }
- function onArgsInitialize($args)
- {
- $path = common_config('site', 'path');
- if (GNUsocial::useHTTPS() && ($path == '/' || mb_strlen($path)==0 )) {
- header('Strict-Transport-Security: max-age=' . $this->max_age
- . ($this->includeSubDomains ? '; includeSubDomains' : '')
- . ($this->preloadToken ? '; preload' : ''));
- }
- }
- public function onPluginVersion(array &$versions): bool
- {
- $versions[] = array('name' => 'StrictTransportSecurity',
- 'version' => self::PLUGIN_VERSION,
- 'author' => 'Craig Andrews',
- 'homepage' => 'https://git.gnu.io/gnu/gnu-social/tree/master/plugins/StrictTransportSecurity',
- 'rawdescription' =>
-
- _m('The Strict Transport Security plugin implements the Strict Transport Security header, improving the security of HTTPS only sites.'));
- return true;
- }
- }
|