diff options
| author | Simon Rettberg | 2017-05-04 16:50:35 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2017-05-04 16:50:35 +0200 |
| commit | 71baea4fa255912113ad3067b74de72d2f09ce7f (patch) | |
| tree | 8cf6300b48b56cfc1c0274e1bd7d94c30325882a /modules-available/webinterface | |
| parent | [systemstatus] Put logs in tabbed view (diff) | |
| download | slx-admin-71baea4fa255912113ad3067b74de72d2f09ce7f.tar.gz slx-admin-71baea4fa255912113ad3067b74de72d2f09ce7f.tar.xz slx-admin-71baea4fa255912113ad3067b74de72d2f09ce7f.zip | |
[webinterface] Add separate option to enable HSTS
Diffstat (limited to 'modules-available/webinterface')
4 files changed, 13 insertions, 1 deletions
diff --git a/modules-available/webinterface/lang/de/template-tags.json b/modules-available/webinterface/lang/de/template-tags.json index ea1074d2..719dbdd6 100644 --- a/modules-available/webinterface/lang/de/template-tags.json +++ b/modules-available/webinterface/lang/de/template-tags.json @@ -18,6 +18,7 @@ "lang_showPasswords": "Passw\u00f6rter anzeigen", "lang_suppliedSelected": "Der Server verwendet zur Zeit ein \u00fcber die Option \"Eigenes Zertifikat\" hochgeladenes Zertifikat.", "lang_unknownSelected": "Unbekanntes oder ung\u00fcltiges Zertifikat vorhanden. Wahrscheinlich wurde der Server von einer alten Version aktualisiert. Um diese Meldung zu entfernen, die HTTPS-Konfiguration erneut vornehmen.", + "lang_useHsts": "HSTS aktivieren (dies erh\u00f6ht die Sicherheit, kann aber in bei sp\u00e4terem Deaktivieren von HTTPS zu Zugriffsproblemen f\u00fchren)", "lang_youreNotUsingHttps": "Sie besuchen diese Seite nicht per HTTPS (oder die HTTPS-Terminierung wird von einem vorgeschalteten Proxy \u00fcbernommen).", "lang_youreUsingHttps": "Sie besuchen diese Seite (aus Sicht des Webservers) per HTTPS." }
\ No newline at end of file diff --git a/modules-available/webinterface/lang/en/template-tags.json b/modules-available/webinterface/lang/en/template-tags.json index efe649cb..be521dcb 100644 --- a/modules-available/webinterface/lang/en/template-tags.json +++ b/modules-available/webinterface/lang/en/template-tags.json @@ -18,6 +18,7 @@ "lang_showPasswords": "Show passwords", "lang_suppliedSelected": "The server is currently using a certificate supplied using the \"Supply own certificate\" option.", "lang_unknownSelected": "Unknown or invalid certificate in use. The server war probably updated from an old version while HTTPS was already enabled. Redo the HTTPS configuration steps to get rid of this message.", + "lang_useHsts": "Use HSTS (increases security but might lead to problems accessing the site if you disable HTTPS later)", "lang_youreNotUsingHttps": "You're not using HTTPS to visit this website (or the HTTPS termination is done by a reverse proxy).", "lang_youreUsingHttps": "You're visiting this server through an HTTPS connection (from the server's point of view)." }
\ No newline at end of file diff --git a/modules-available/webinterface/page.inc.php b/modules-available/webinterface/page.inc.php index 93d659f0..5207420a 100644 --- a/modules-available/webinterface/page.inc.php +++ b/modules-available/webinterface/page.inc.php @@ -5,6 +5,7 @@ class Page_WebInterface extends Page const PROP_REDIRECT = 'webinterface.https-redirect'; const PROP_TYPE = 'webinterface.https-type'; + const PROP_HSTS = 'webinterface.https-hsts'; protected function doPreprocess() { @@ -42,6 +43,7 @@ class Page_WebInterface extends Page $task = $this->setRedirectMode(); break; } + Property::set(self::PROP_HSTS, Request::post('usehsts', false, 'string') === 'on' ? 'True' : 'False'); if (isset($task['id'])) { Session::set('https-id', $task['id']); Util::redirect('?do=WebInterface&show=httpsupdate' . $off); @@ -65,11 +67,13 @@ class Page_WebInterface extends Page } $type = Property::get(self::PROP_TYPE); $force = Property::get(self::PROP_REDIRECT) === 'True'; + $hsts = Property::get(self::PROP_HSTS) === 'True'; $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'; $exists = file_exists('/etc/lighttpd/server.pem'); $data = array( 'httpsUsed' => $https, - 'redirect_checked' => ($force ? 'checked' : '') + 'redirect_checked' => ($force ? 'checked' : ''), + 'hsts_checked' => ($hsts ? 'checked' : '') ); // Type should be 'off', 'generated', 'supplied' if ($type === 'off') { diff --git a/modules-available/webinterface/templates/https.html b/modules-available/webinterface/templates/https.html index 77585ddf..ecfe5f5d 100644 --- a/modules-available/webinterface/templates/https.html +++ b/modules-available/webinterface/templates/https.html @@ -78,6 +78,12 @@ MIIFfTCCA... {{lang_httpsRedirect}} </span> </div> + <div class="input-group"> + <span class="input-group-addon"><input id="usehsts" type="checkbox" name="usehsts" value="on" {{hsts_checked}}></span> + <span class="form-control" onclick="$('#usehsts').prop('checked', !$('#usehsts').prop('checked'))"> + {{lang_useHsts}} + </span> + </div> <br> <div class="pull-right"> |