diff options
author | Max Kanat-Alexander <mkanat@bugzilla.org> | 2010-09-28 05:16:57 +0200 |
---|---|---|
committer | Max Kanat-Alexander <mkanat@bugzilla.org> | 2010-09-28 05:16:57 +0200 |
commit | f64efa79bd78ab59cb65588feacf93e0de475e48 (patch) | |
tree | 5d38efa3cc9da3dbcce08c975adc55a525570b86 /Bugzilla/CGI.pm | |
parent | 707573450030f45f33ac464d393749d32c55ae73 (diff) | |
download | bugzilla-f64efa79bd78ab59cb65588feacf93e0de475e48.tar.gz bugzilla-f64efa79bd78ab59cb65588feacf93e0de475e48.tar.xz |
Bug 594990: Make the Strict-Transport-Security HTTP header only be sent
if a particular parameter is enabled.
r=glob, a=mkanat
Diffstat (limited to 'Bugzilla/CGI.pm')
-rw-r--r-- | Bugzilla/CGI.pm | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index 295c57bb2..de92cda99 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -275,8 +275,8 @@ sub header { } # Add Strict-Transport-Security (STS) header if this response - # is over SSL and ssl_redirect is enabled. - if ($self->https && Bugzilla->params->{'ssl_redirect'}) { + # is over SSL and the strict_transport_security param is turned on. + if ($self->https && Bugzilla->params->{'strict_transport_security'}) { unshift(@_, '-strict-transport-security' => 'max-age=' . MAX_STS_AGE); } |