You are here

hsts.module in HTTP Strict Transport Security 7

Same filename and directory in other branches
  1. 8 hsts.module
  2. 6 hsts.module

Main module file for the HSTS (HTTP Strict Transport Security) module.

This modules allows you to add the HSTS header tags to trigger Strict Transport Security on compatible clients

File

hsts.module
View source
<?php

// $Id$

/**
 * @file
 * Main module file for the HSTS (HTTP Strict Transport Security) module.
 *
 * This modules allows you to add the HSTS header tags to trigger
 * Strict Transport Security on compatible clients
 */

/**
 * Implements hook_init().
 *
 * Sets the header in all requests to include the HSTS max-age value
 */
function hsts_init() {
  global $is_https;

  // Set the header to include the HSTS data
  if (TRUE == variable_get('hsts_enabled', FALSE) and (variable_get('hsts_https_only', TRUE) or $is_https)) {

    // Add the max age header
    $hsts_header = 'max-age=' . check_plain(variable_get('hsts_max_age', 500));
    if (variable_get('hsts_subdomains', FALSE)) {

      // Include subdomains
      $hsts_header .= ';includeSubDomains';
    }
    drupal_add_http_header('Strict-Transport-Security', $hsts_header);
  }
}

/**
 * Implements hook_perm().
 */
function hsts_permission() {
  return array(
    'administer strict transport security' => array(
      'title' => t('Administer Strict Transport Security Settings'),
      'description' => t('Allow a user to enable/disable the HSTS header as well as the header values.'),
    ),
  );
}

/**
 * Implements hook_menu().
 */
function hsts_menu() {
  $items = array();
  $items['admin/config/security'] = array(
    'title' => 'Security',
    'description' => 'Configure the security modules on this site.',
    'page callback' => 'system_admin_menu_block_page',
    'page arguments' => array(
      'form_id',
    ),
    'position' => 'right',
    'access arguments' => array(
      'administer site configuration',
    ),
    'file' => 'system.admin.inc',
    'file path' => drupal_get_path('module', 'system'),
  );
  $items['admin/config/security/hsts'] = array(
    'title' => 'HTTP Strict Transport Security Settings',
    'description' => 'Set header configuration for Strict Transport Security',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'hsts_admin_settings_form',
    ),
    'access arguments' => array(
      'administer strict transport security',
    ),
    'type' => MENU_NORMAL_ITEM,
    'file' => 'hsts.admin.inc',
  );
  return $items;
}

/**
 * Implements hook_requirements().
 */
function hsts_requirements($phase) {
  $requirements = array();
  if ($phase == 'runtime') {
    $hsts_https_only = variable_get('hsts_https_only', FALSE);
    $requirements['hsts_https_only'] = array(
      'title' => t('HTTP Strict Transport Security header restriction only to HTTPS'),
      'value' => $hsts_https_only ? t('Enabled') : t('Disabled'),
      'severity' => $hsts_https_only ? REQUIREMENT_OK : REQUIREMENT_WARNING,
    );
  }
  return $requirements;
}

Functions

Namesort descending Description
hsts_init Implements hook_init().
hsts_menu Implements hook_menu().
hsts_permission Implements hook_perm().
hsts_requirements Implements hook_requirements().