From f64efa79bd78ab59cb65588feacf93e0de475e48 Mon Sep 17 00:00:00 2001
From: Max Kanat-Alexander
Date: Mon, 27 Sep 2010 20:16:57 -0700
Subject: Bug 594990: Make the Strict-Transport-Security HTTP header only be sent if a particular parameter is enabled. r=glob, a=mkanat
---
 Bugzilla/CGI.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'Bugzilla/CGI.pm')
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 295c57bb2..de92cda99 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -275,8 +275,8 @@ sub header {
 }
 # Add Strict-Transport-Security (STS) header if this response
- # is over SSL and ssl_redirect is enabled.
- if ($self->https && Bugzilla->params->{'ssl_redirect'}) {
+ # is over SSL and the strict_transport_security param is turned on.
+ if ($self->https && Bugzilla->params->{'strict_transport_security'}) {
 unshift(@_, '-strict-transport-security' => 'max-age=' . MAX_STS_AGE);
 }
-- 
cgit v1.2.3-24-g4f1b
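Review bot: The rewritten comment above the `if` does not say that the policy persists in browsers after the param is switched off. A client that has received `max-age=` . MAX_STS_AGE keeps refusing plain HTTP for the host until that age expires, and turning `strict_transport_security` off only stops the header being sent. Now that the header is no longer tied to `ssl_redirect`, it can presumably be enabled on an install that still serves some pages over HTTP, so the caveat is worth stating here. I would add `# NOTE: browsers cache this policy for MAX_STS_AGE seconds; disabling the param stops sending it but does not clear it from clients.` A second thing to confirm is that upgraded installs which relied on `ssl_redirect` do not silently lose the header because the new param defaults to off; its definition is outside this diff, and `sub header` itself starts and ends outside the hunk.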