From a87d7b91cc95c8ac7aee327e4cf4d3ce564cdea1 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Mon, 6 Dec 2010 17:40:46 +0100
Subject: add STS header for enforced SSL sites

* http://en.wikipedia.org/wiki/Strict_Transport_Security

This will tell browsers to interact with that site only per HTTPS.
---
 templates/vhosts/static/static.erb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'templates/vhosts/static')

diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb
index 18168c1..7eac5a9 100644
--- a/templates/vhosts/static/static.erb
+++ b/templates/vhosts/static/static.erb
@@ -106,6 +106,10 @@
     AddDefaultCharset <%= default_charset %>
     <%- end -%>
 
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- if options.to_s != 'absent' or htpasswd_file.to_s != 'absent' then -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
-- 
cgit v1.2.3