diff options
| author | Simon Rettberg | 2017-03-29 13:21:02 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2017-03-29 13:21:02 +0200 |
| commit | 0a4790ee46e7e1f19e760106e9f895a20ebd8ed2 (patch) | |
| tree | 87a9d7dfcfc60aeee67789c7548e640cc89b95c5 | |
| parent | [statistics] Fetch client log by UUID, not IP (diff) | |
| download | slx-admin-0a4790ee46e7e1f19e760106e9f895a20ebd8ed2.tar.gz slx-admin-0a4790ee46e7e1f19e760106e9f895a20ebd8ed2.tar.xz slx-admin-0a4790ee46e7e1f19e760106e9f895a20ebd8ed2.zip | |
Add param to disable HSTS, set headers to prevent caching
| -rw-r--r-- | api.php | 5 | ||||
| -rw-r--r-- | index.php | 13 |
2 files changed, 18 insertions, 0 deletions
@@ -42,8 +42,13 @@ if (Module::isAvailable($module)) { if (!file_exists($module)) { Util::traceError('Invalid module, or module without API: ' . $module); } +Header('Expires: Wed, 29 Mar 2007 09:56:28 GMT'); +Header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); +Header("Cache-Control: post-check=0, pre-check=0", false); +Header("Pragma: no-cache"); Header('Content-Type: text/plain; charset=utf-8'); + ob_start('ob_gzhandler'); // Load module - it will execute pre-processing, or act upon request parameters require_once($module); @@ -114,6 +114,19 @@ if (defined('CONFIG_DEBUG') && CONFIG_DEBUG) { }); } +// Set HSTS Header if client is using HTTPS +if(!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') { + if (Request::any('hsts') === 'off') { + Header('Strict-Transport-Security: max-age=0', true); + } else { + Header('Strict-Transport-Security: max-age=15768000', true); + } +} +Header('Expires: Wed, 29 Mar 2007 09:56:28 GMT'); +Header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); +Header("Cache-Control: post-check=0, pre-check=0", false); +Header("Pragma: no-cache"); + // Now determine which module to run Page::init(); |