From eeb4688dcc7caafeaa020a3cd9d78d18aea30353 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@kanboard.net>
Date: Sat, 20 Sep 2014 15:35:17 +0200
Subject: Add configuration option to enable/disable
 'Strict-Transport-Security' HTTP header

---
 app/Controller/Base.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'app/Controller/Base.php')

diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index 8f822f3d..e9957bbd 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -116,9 +116,12 @@ abstract class Base
         $this->response->csp(array('style-src' => "'self' 'unsafe-inline'"));
         $this->response->nosniff();
         $this->response->xss();
-        $this->response->hsts();
         $this->response->xframe();
 
+        if (ENABLE_HSTS) {
+            $this->response->hsts();
+        }
+
         // Load translations
         $language = $this->config->get('language', 'en_US');
         if ($language !== 'en_US') Translator::load($language);
-- 
cgit v1.2.3