From a87d7b91cc95c8ac7aee327e4cf4d3ce564cdea1 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Mon, 6 Dec 2010 17:40:46 +0100
Subject: add STS header for enforced SSL sites

* http://en.wikipedia.org/wiki/Strict_Transport_Security

This will tell browsers to interact with that site only per HTTPS.
---
 templates/vhosts/php_gallery2/php_gallery2.erb | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'templates/vhosts/php_gallery2')

diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb
index ee2275a..075db8c 100644
--- a/templates/vhosts/php_gallery2/php_gallery2.erb
+++ b/templates/vhosts/php_gallery2/php_gallery2.erb
@@ -147,6 +147,10 @@
         AssignUserId <%= run_uid+" "+run_gid %>
     </IfModule>
 
+    <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
     <%- end -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
@@ -354,6 +358,10 @@
     <%- if default_charset.to_s != 'absent' then -%>
     AddDefaultCharset <%= default_charset %>
 
+    <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
     <%- end -%>
     <%- if run_mode.to_s == 'static-itk' -%>
     <Directory "<%= documentroot %>/">
-- 
cgit v1.2.3