12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 |
- <?php
- if (!defined('STATUSNET') && !defined('LACONICA')) {
- exit(1);
- }
- class StrictTransportSecurityPlugin extends Plugin
- {
- public $max_age = 15552000;
- public $includeSubDomains = false;
- function __construct()
- {
- parent::__construct();
- }
- function onArgsInitialize($args)
- {
- $path = common_config('site', 'path');
- if(common_config('site', 'ssl') == 'always' && ($path == '/' || ! $path )) {
- header('Strict-Transport-Security: max-age=' . $this->max_age . + ($this->includeSubDomains?'; includeSubDomains':''));
- }
- }
- function onPluginVersion(&$versions)
- {
- $versions[] = array('name' => 'StrictTransportSecurity',
- 'version' => GNUSOCIAL_VERSION,
- 'author' => 'Craig Andrews',
- 'homepage' => 'http://status.net/wiki/Plugin:StrictTransportSecurity',
- 'rawdescription' =>
-
- _m('The Strict Transport Security plugin implements the Strict Transport Security header, improving the security of HTTPS only sites.'));
- return true;
- }
- }
|