Merge pull request #1705 from owncloud/DisableHSTS

Invalidate existing HSTS headers
2026-04-29 10:03:32 -04:00 · 2013-02-14 11:33:26 -08:00 · 2013-02-14 11:33:26 -08:00 · b6cbfc9cfe
commit b6cbfc9cfe
parent 5624f1b838 be194c5b5b
1 changed files with 5 additions and 0 deletions
--- a/lib/base.php
+++ b/lib/base.php
@ -231,6 +231,11 @@ class OC {
 				header("Location: $url");
 				exit();
 			}
+		} else {
+			// Invalidate HSTS headers
+			if (OC_Request::serverProtocol() === 'https') {
+				header('Strict-Transport-Security: max-age=0');
+			}
 		}
 	}