authorSimon Rettberg2017-03-29 13:21:02 +0200
committerSimon Rettberg2017-03-29 13:21:02 +0200
commit0a4790ee46e7e1f19e760106e9f895a20ebd8ed2 (patch)
tree87a9d7dfcfc60aeee67789c7548e640cc89b95c5
parent[statistics] Fetch client log by UUID, not IP (diff)
Add param to disable HSTS, set headers to prevent caching
-rw-r--r--api.php5
-rw-r--r--index.php13
2 files changed, 18 insertions, 0 deletions
diff --git a/api.php b/api.php
index fdccf14a..a9eec1e7 100644
--- a/api.php
+++ b/api.php
@@ -42,8 +42,13 @@ if (Module::isAvailable($module)) {
if (!file_exists($module)) {
Util::traceError('Invalid module, or module without API: ' . $module);
}
+Header('Expires: Wed, 29 Mar 2007 09:56:28 GMT');
+Header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+Header("Cache-Control: post-check=0, pre-check=0", false);
+Header("Pragma: no-cache");
Header('Content-Type: text/plain; charset=utf-8');
+
ob_start('ob_gzhandler');
// Load module - it will execute pre-processing, or act upon request parameters
require_once($module);
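Review bot: The `Expires` value on the first added line is not a valid HTTP-date, because 29 Mar 2007 was a Thursday, not a Wednesday. Caches are expected to treat an unparsable `Expires` as already expired, so the effect is probably the same, but `Header('Expires: 0');` states the intent without relying on that fallback. The `post-check=0, pre-check=0` directives were only ever honoured by old Internet Explorer, and `no-store` already covers what they were for. The same four header lines are repeated in the index.php hunk, so a small shared helper would keep the two copies in step.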
diff --git a/index.php b/index.php
index 5fff7e5e..20049335 100644
--- a/index.php
+++ b/index.php
@@ -114,6 +114,19 @@ if (defined('CONFIG_DEBUG') && CONFIG_DEBUG) {
});
}
+// Set HSTS Header if client is using HTTPS
+if(!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
+ if (Request::any('hsts') === 'off') {
+ Header('Strict-Transport-Security: max-age=0', true);
+ } else {
+ Header('Strict-Transport-Security: max-age=15768000', true);
+ }
+}
+Header('Expires: Wed, 29 Mar 2007 09:56:28 GMT');
+Header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+Header("Cache-Control: post-check=0, pre-check=0", false);
+Header("Pragma: no-cache");
+
// Now determine which module to run
Page::init();
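Review bot: The `hsts=off` branch lets an unauthenticated request weaken transport security for the visitor. `Request::any('hsts')` is evaluated before `Page::init()` and before any login or permission check visible in this hunk, so any request carrying that parameter gets `Strict-Transport-Security: max-age=0` back, which tells the browser to drop its stored HSTS policy for this host. If an opt-out is needed for some deployments, it is safer as a server-side setting than as a request parameter, for example `if (defined('CONFIG_HSTS_OFF') && CONFIG_HSTS_OFF)` (the constant name is a placeholder, modelled on the `CONFIG_DEBUG` check in the hunk header). Failing that, the parameter should be honoured only for an authenticated administrator. A short comment such as `// max-age=0 clears a previously stored HSTS policy in the client` would also make the purpose of that branch clear.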