diff options
author | Max Kanat-Alexander <mkanat@bugzilla.org> | 2010-12-06 16:52:31 +0100 |
---|---|---|
committer | Max Kanat-Alexander <mkanat@bugzilla.org> | 2010-12-06 16:52:31 +0100 |
commit | 067e958da7d04d51f3d9f061f51cf65e22e452d1 (patch) | |
tree | 9bcfd085e5548df56bc70493271e286e36b94bc9 | |
parent | 6fac08b94b6cd67d8dd7ae8f7eeb5de5233c59d7 (diff) | |
download | bugzilla-067e958da7d04d51f3d9f061f51cf65e22e452d1.tar.gz bugzilla-067e958da7d04d51f3d9f061f51cf65e22e452d1.tar.xz |
Bug 607138: Don't send the Strict-Transport-Security header for the
attachment_base.
r=LpSolit, a=LpSolit
-rw-r--r-- | Bugzilla/CGI.pm | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index 8ec3ac28e..b32f76ae0 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -275,9 +275,13 @@ sub header { # Add Strict-Transport-Security (STS) header if this response # is over SSL and the strict_transport_security param is turned on. - if ($self->https && Bugzilla->params->{'strict_transport_security'} ne 'off') { + if ($self->https && !$self->url_is_attachment_base + && Bugzilla->params->{'strict_transport_security'} ne 'off') + { my $sts_opts = 'max-age=' . MAX_STS_AGE; - if (Bugzilla->params->{'strict_transport_security'} eq 'include_subdomains') { + if (Bugzilla->params->{'strict_transport_security'} + eq 'include_subdomains') + { $sts_opts .= '; includeSubDomains'; } unshift(@_, '-strict_transport_security' => $sts_opts); |