From 425089524373137e11d3691e7efdce0fb89281c8 Mon Sep 17 00:00:00 2001
From: redmatrix <git@macgirvin.com>
Date: Thu, 4 Feb 2016 20:38:22 -0800
Subject: make strict transport security header optional

---
 boot.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'boot.php')

diff --git a/boot.php b/boot.php
index 238935da3..cb595e0ef 100755
--- a/boot.php
+++ b/boot.php
@@ -2164,7 +2164,7 @@ function construct_page(&$a) {
 
 	// security headers - see https://securityheaders.io
 
-	if($a->get_scheme() === 'https')
+	if($a->get_scheme() === 'https' && $a->config['system']['transport_security_header'])
 		header("Strict-Transport-Security: max-age=31536000");
 
 	header("Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'");
-- 
cgit v1.2.3