Implement HSTS preload

This allows browsers to query https directly instead of the initial http redirect https://hstspreload.org/#opt-in says it should be explicitly opt in
2023-03-06 11:15:55 +01:00
parent 5bbeb1196a
commit 8448d28f6f
11 changed files with 36 additions and 9 deletions
--- a/dashboard/src/views/app.html
+++ b/dashboard/src/views/app.html
@@ -1282,6 +1282,15 @@
                <textarea ng-model="security.csp" placeholder="default-src 'self'; frame-ancestors 'none';" class="form-control text-monospace" rows="2"></textarea>
              </div>

+              <div class="form-group">
+                <div class="checkbox">
+                  <label>
+                    <input type="checkbox" ng-model="security.hstsPreload">{{ 'app.security.hstsPreload' | tr }}</input>
+                    <sup><a ng-href="https://docs.cloudron.io/apps/#hsts-preload" class="help" target="_blank"><i class="fa fa-question-circle"></i></a></sup>
+                  </label>
+                </div>
+              </div>
+
              <input class="ng-hide" type="submit" ng-disabled="securityForm.$invalid || security.busy"/>
            </form>
          </div>