Bug 562475 - "Bugzilla should use strict-transport-security (STS) headers"

[r=mkanat a=mkanat]
author: Reed Loden <reed@reedloden.com> 2010-06-26 03:12:06 +0200
committer: Reed Loden <reed@reedloden.com> 2010-06-26 03:12:06 +0200
commit: 4a85d6d1ead4cf6020148034425b7ea6de0f5899 (patch)
tree: 76a62bf83aa9088da952a649a6ac26b618938160 /Bugzilla/Constants.pm
parent: d386a4e8d5eeb9936c0d60029d5193dcf547e442 (diff)
download: bugzilla-4a85d6d1ead4cf6020148034425b7ea6de0f5899.tar.gz
bugzilla-4a85d6d1ead4cf6020148034425b7ea6de0f5899.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index 37af78fb0..d11736af1 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -160,6 +160,7 @@ use File::Basename;
     MAX_LOGINCOOKIE_AGE
     MAX_LOGIN_ATTEMPTS
     LOGIN_LOCKOUT_INTERVAL
+    MAX_STS_AGE
 
     SAFE_PROTOCOLS
     LEGAL_CONTENT_TYPES
@@ -421,6 +422,10 @@ use constant MAX_LOGIN_ATTEMPTS => 5;
 # account is locked.
 use constant LOGIN_LOCKOUT_INTERVAL => 30;
 
+# The maximum number of seconds the Strict-Transport-Security header
+# will remain valid. Default is one week.
+use constant MAX_STS_AGE => 604800;
+
 # Protocols which are considered as safe.
 use constant SAFE_PROTOCOLS => ('afs', 'cid', 'ftp', 'gopher', 'http', 'https',
                                 'irc', 'mid', 'news', 'nntp', 'prospero', 'telnet',
author	Reed Loden <reed@reedloden.com>	2010-06-26 03:12:06 +0200
committer	Reed Loden <reed@reedloden.com>	2010-06-26 03:12:06 +0200
commit	4a85d6d1ead4cf6020148034425b7ea6de0f5899 (patch)
tree	76a62bf83aa9088da952a649a6ac26b618938160 /Bugzilla/Constants.pm
parent	d386a4e8d5eeb9936c0d60029d5193dcf547e442 (diff)
download	bugzilla-4a85d6d1ead4cf6020148034425b7ea6de0f5899.tar.gz bugzilla-4a85d6d1ead4cf6020148034425b7ea6de0f5899.tar.xz