From f7900fa08276d2668221a1b4ce7462d68e6f2893 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 5 May 2017 13:04:19 +0200
Subject: [webinterface] Log user out when disabling HTTPS to prevent lockout

---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'index.php')

diff --git a/index.php b/index.php
index 7cbb3b40..a3f45ff3 100644
--- a/index.php
+++ b/index.php
@@ -116,7 +116,7 @@ if (defined('CONFIG_DEBUG') && CONFIG_DEBUG) {
 
 // Set HSTS Header if client is using HTTPS
 if(!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
-	if (Request::any('hsts') === 'off' || Property::get('webinterface.https-hsts', 'False') !== 'True') {
+	if (Property::get('webinterface.https-hsts', 'False') !== 'True') {
 		Header('Strict-Transport-Security: max-age=0', true);
 	} else {
 		Header('Strict-Transport-Security: max-age=15768000', true);
-- 
cgit v1.2.3-55-g7522