luci-base: append Strict-Transport-Security header on https
The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP. The Strict-Transport-Security header is ignored by the browser when your site is accessed using HTTP; this is because an attacker may intercept HTTP connections and inject the header or remove it. So the header will only be sent if luci is accessed over HTTPS. The "max-age" expire time could be configured in "/etc/config/luci" main section with the option "stricthttps".

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
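
The browser-side handling that the commit message above relies on, as an added example that is not part of the commit or of LuCI: a simplified model of RFC 6797 header processing, showing why a header received over plain HTTP has no effect. The host name `router.example`, the function names and the sample header values are constructed for illustration.

```python
import re

# RFC 6797 section 6.1: directives are separated by ";", directive names are
# case-insensitive, and a value is either a token or a quoted-string.
_TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
_DIRECTIVE = re.compile(r"(" + _TOKEN + r')(?:\s*=\s*(?:"([^"]*)"|(' + _TOKEN + r")))?")


def parse_hsts(value):
    """Return {'max_age': int, 'include_subdomains': bool}, or None if invalid."""
    seen = {}
    # Simplification: a quoted value containing ";" is rejected by this splitter.
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are allowed by the grammar
        m = _DIRECTIVE.fullmatch(part)
        if not m:
            return None
        name = m.group(1).lower()
        if name in seen:
            return None  # a directive must not appear more than once
        seen[name] = m.group(2) if m.group(2) is not None else m.group(3)
    max_age = seen.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is required and must be a non-negative integer
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in seen}


def process_response(store, host, scheme, headers, now):
    """Update a known-HSTS-host store as a browser would; return the action taken.

    headers is a list of (name, value) pairs; now is a timestamp in seconds.
    """
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return "none"
    if scheme != "https":
        return "ignored-insecure"  # header over insecure transport is ignored
    policy = parse_hsts(values[0])  # only the first header field is processed
    if policy is None:
        return "ignored-invalid"
    if policy["max_age"] == 0:
        store.pop(host, None)  # max-age=0 tells the browser to forget the host
        return "removed"
    store[host] = {"expires": now + policy["max_age"],
                   "include_subdomains": policy["include_subdomains"]}
    return "stored"
```
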