Added HSTS preload support

alistair3149 2019-12-23 22:43:11 -05:00
parent 97d3e2ccb2
commit 6ee9ce7f98
2 changed files with 8 additions and 1 deletions


@ -52,6 +52,7 @@ class SkinCitizen extends SkinTemplate {
$hstsmaxage = $this->getConfig()->get( 'CitizenHSTSMaxAge' );
$hstsincludesubdomains = $this->getConfig()->get( 'CitizenHSTSIncludeSubdomains' );
$hstspreload = $this->getConfig()->get( 'CitizenHSTSPreload' );
// HSTS max age
if ( is_int( $hstsmaxage ) ) {
@ -61,7 +62,7 @@ class SkinCitizen extends SkinTemplate {
$hstsmaxage = 300;
}
$out->getRequest()->response()->header( 'Strict-Transport-Security: max-age=' . $hstsmaxage . ( $hstsincludesubdomains ? '; includeSubDomains' : '' ) );
$out->getRequest()->response()->header( 'Strict-Transport-Security: max-age=' . $hstsmaxage . ( $hstsincludesubdomains ? '; includeSubDomains' : '' ) . ( $hstspreload ? '; preload' : '' ) );
}
// Deny X-Frame-Options
if ( $this->getConfig()->get( 'CitizenEnableDenyXFrameOptions' ) ) {
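Review bot: The new `header()` line appends `; preload` whenever `CitizenHSTSPreload` is truthy, without checking the other two directives, so the header can advertise preload while `$hstsincludesubdomains` is false or while `$hstsmaxage` is the 300-second value assigned just above it. Browser preload lists require `includeSubDomains` and a max-age of at least 31536000 seconds, so such a header is at best ignored and at worst signals an intent the site cannot meet. Consider gating it, e.g. `$preloadok = $hstspreload && $hstsincludesubdomains && $hstsmaxage >= 31536000;` and then `( $preloadok ? '; preload' : '' )`. A short comment noting that removal from a preload list is slow once a domain is submitted would help whoever flips this setting. The enclosing method starts and ends outside the visible hunks, so the branch that sets the 300 fallback is inferred rather than seen.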


@ -49,6 +49,12 @@
"descriptionmsg": "citizen-config-hstsincludesubdomains",
"public": true
},
"HSTSPreload": {
"value": false,
"description": "Enable or disable HSTS preload",
"descriptionmsg": "citizen-config-hstspreload",
"public": true
},
"EnableDenyXFrameOptions": {
"value": false,
"description": "Enable or disable the deny X-Frame-Options header",
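Review bot: The new `HSTSPreload` entry references the message key `citizen-config-hstspreload`, but the commit changes only two files and neither looks like an i18n file, so unless the key already exists elsewhere the config description will render as a missing message. The `description` string also gives an administrator no hint of what preload commits them to; something like `"description": "Add the preload directive to the HSTS header; requires HSTSIncludeSubdomains and a max-age of at least one year, and is slow to undo once the domain is on a browser preload list"` would make the consequences visible where the switch is set. Defaulting `value` to `false` is the right choice for an opt-in this hard to reverse.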