Implement HSTS preload

This allows browsers to query https directly instead of the initial http redirect

https://hstspreload.org/#opt-in says it should be explicitly opt in
This commit is contained in:
Girish Ramakrishnan
2023-03-06 11:15:55 +01:00
parent 5bbeb1196a
commit 8448d28f6f
11 changed files with 36 additions and 9 deletions

View File

@@ -1063,11 +1063,13 @@ angular.module('Application').controller('AppController', ['$scope', '$location'
robotsTxt: '',
csp: '',
hstsPreload: false,
show: function () {
$scope.security.error = {};
$scope.security.robotsTxt = $scope.app.reverseProxyConfig.robotsTxt || '';
$scope.security.csp = $scope.app.reverseProxyConfig.csp || '';
$scope.security.hstsPreload = $scope.app.reverseProxyConfig.hstsPreload || false;
},
submit: function () {
@@ -1076,7 +1078,8 @@ angular.module('Application').controller('AppController', ['$scope', '$location'
var reverseProxyConfig = {
robotsTxt: $scope.security.robotsTxt || null, // empty string resets
csp: $scope.security.csp || null // empty string resets
csp: $scope.security.csp || null, // empty string resets
hstsPreload: $scope.security.hstsPreload
};
Client.configureApp($scope.app.id, 'reverse_proxy', reverseProxyConfig, function (error) {