Implement HSTS preload
This allows browsers to query https directly instead of the initial http redirect https://hstspreload.org/#opt-in says it should be explicitly opt in
This commit is contained in:
Girish Ramakrishnan
@@ -1282,6 +1282,15 @@
|
||||
<textarea ng-model="security.csp" placeholder="default-src 'self'; frame-ancestors 'none';" class="form-control text-monospace" rows="2"></textarea>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<input type="checkbox" ng-model="security.hstsPreload">{{ 'app.security.hstsPreload' | tr }}</input>
|
||||
<sup><a ng-href="https://docs.cloudron.io/apps/#hsts-preload" class="help" target="_blank"><i class="fa fa-question-circle"></i></a></sup>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<input class="ng-hide" type="submit" ng-disabled="securityForm.$invalid || security.busy"/>
|
||||
</form>
|
||||
</div>
|
||||
|
||||
@@ -1063,11 +1063,13 @@ angular.module('Application').controller('AppController', ['$scope', '$location'
|
||||
|
||||
robotsTxt: '',
|
||||
csp: '',
|
||||
hstsPreload: false,
|
||||
|
||||
show: function () {
|
||||
$scope.security.error = {};
|
||||
$scope.security.robotsTxt = $scope.app.reverseProxyConfig.robotsTxt || '';
|
||||
$scope.security.csp = $scope.app.reverseProxyConfig.csp || '';
|
||||
$scope.security.hstsPreload = $scope.app.reverseProxyConfig.hstsPreload || false;
|
||||
},
|
||||
|
||||
submit: function () {
|
||||
@@ -1076,7 +1078,8 @@ angular.module('Application').controller('AppController', ['$scope', '$location'
|
||||
|
||||
var reverseProxyConfig = {
|
||||
robotsTxt: $scope.security.robotsTxt || null, // empty string resets
|
||||
csp: $scope.security.csp || null // empty string resets
|
||||
csp: $scope.security.csp || null, // empty string resets
|
||||
hstsPreload: $scope.security.hstsPreload
|
||||
};
|
||||
|
||||
Client.configureApp($scope.app.id, 'reverse_proxy', reverseProxyConfig, function (error) {
|
||||
|
||||
Reference in New Issue
Block a user