summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
Diffstat (limited to 'app')
-rw-r--r--app/Controller/Base.php5
-rw-r--r--app/constants.php3
2 files changed, 7 insertions, 1 deletions
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index 8f822f3d..e9957bbd 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -116,9 +116,12 @@ abstract class Base
$this->response->csp(array('style-src' => "'self' 'unsafe-inline'"));
$this->response->nosniff();
$this->response->xss();
- $this->response->hsts();
$this->response->xframe();
+ if (ENABLE_HSTS) {
+ $this->response->hsts();
+ }
+
// Load translations
$language = $this->config->get('language', 'en_US');
if ($language !== 'en_US') Translator::load($language);
diff --git a/app/constants.php b/app/constants.php
index d52ce2be..777e6f0e 100644
--- a/app/constants.php
+++ b/app/constants.php
@@ -68,3 +68,6 @@ defined('MAIL_SMTP_USERNAME') or define('MAIL_SMTP_USERNAME', '');
defined('MAIL_SMTP_PASSWORD') or define('MAIL_SMTP_PASSWORD', '');
defined('MAIL_SMTP_ENCRYPTION') or define('MAIL_SMTP_ENCRYPTION', null);
defined('MAIL_SENDMAIL_COMMAND') or define('MAIL_SENDMAIL_COMMAND', '/usr/sbin/sendmail -bs');
+
+// Enable or disable "Strict-Transport-Security" HTTP header
+defined('ENABLE_HSTS') or define('ENABLE_HSTS', true);
generated by cgit v1.2.3 (git 2.46.0) at 2024-11-23 16:54:21 +0000