Skip to content
Snippets Groups Projects
Commit 6c30acdf authored by deuce's avatar deuce
Browse files

Add new web option "HSTS_SAFE" 

If this option is set, it means that all content available via http:// is
available at the same https:// URL.  This will trigger to new behaviours:
1) If an HTTP request has the "Upgrade-Insecure-Requests: 1" header, the
   client will get a 307 redirect to the https:// URL.
2) For https:// responses, the following two headers will be added:
   Content-Security-Policy: block-all-mixed-content
   Strict-Transport-Security: max-age=10886400; preload
parent 718cb5e7
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment