summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMax Kanat-Alexander <mkanat@bugzilla.org>2010-12-06 16:52:31 +0100
committerMax Kanat-Alexander <mkanat@bugzilla.org>2010-12-06 16:52:31 +0100
commit067e958da7d04d51f3d9f061f51cf65e22e452d1 (patch)
tree9bcfd085e5548df56bc70493271e286e36b94bc9
parent6fac08b94b6cd67d8dd7ae8f7eeb5de5233c59d7 (diff)
downloadbugzilla-067e958da7d04d51f3d9f061f51cf65e22e452d1.tar.gz
bugzilla-067e958da7d04d51f3d9f061f51cf65e22e452d1.tar.xz
Bug 607138: Don't send the Strict-Transport-Security header for the
attachment_base. r=LpSolit, a=LpSolit
-rw-r--r--Bugzilla/CGI.pm8
1 files changed, 6 insertions, 2 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 8ec3ac28e..b32f76ae0 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -275,9 +275,13 @@ sub header {
# Add Strict-Transport-Security (STS) header if this response
# is over SSL and the strict_transport_security param is turned on.
- if ($self->https && Bugzilla->params->{'strict_transport_security'} ne 'off') {
+ if ($self->https && !$self->url_is_attachment_base
+ && Bugzilla->params->{'strict_transport_security'} ne 'off')
+ {
my $sts_opts = 'max-age=' . MAX_STS_AGE;
- if (Bugzilla->params->{'strict_transport_security'} eq 'include_subdomains') {
+ if (Bugzilla->params->{'strict_transport_security'}
+ eq 'include_subdomains')
+ {
$sts_opts .= '; includeSubDomains';
}
unshift(@_, '-strict_transport_security' => $sts_opts);