src/sbbs3 websrvr.c 1.704 1.705 websrvr.h 1.56 1.57
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv19802
Modified Files:
websrvr.c websrvr.h
Log Message:
Add new web option "HSTS_SAFE"
If this option is set, it means that all content available via
http:// is available at the same
https:// URL. This will trigger to new behaviours:
1) If an HTTP request has the "Upgrade-Insecure-Requests: 1" header, the
client will get a 307 redirect to the
https:// URL.
2) For
https:// responses, the following two headers will be added:
Content-Security-Policy: block-all-mixed-content
Strict-Transport-Security: max-age=10886400; preload
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net