From 71baea4fa255912113ad3067b74de72d2f09ce7f Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 4 May 2017 16:50:35 +0200
Subject: [webinterface] Add separate option to enable HSTS

---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'index.php')

diff --git a/index.php b/index.php
index 6f547418..7cbb3b40 100644
--- a/index.php
+++ b/index.php
@@ -116,7 +116,7 @@ if (defined('CONFIG_DEBUG') && CONFIG_DEBUG) {
 
 // Set HSTS Header if client is using HTTPS
 if(!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
-	if (Request::any('hsts') === 'off') {
+	if (Request::any('hsts') === 'off' || Property::get('webinterface.https-hsts', 'False') !== 'True') {
 		Header('Strict-Transport-Security: max-age=0', true);
 	} else {
 		Header('Strict-Transport-Security: max-age=15768000', true);
-- 
cgit v1.2.3-55-g7522