function hsts_init in HTTP Strict Transport Security 7
Same name and namespace in other branches
- 6 hsts.module \hsts_init()
Implements hook_init().
Sets the header in all requests to include the HSTS max-age value
File
- ./
hsts.module, line 17 - Main module file for the HSTS (HTTP Strict Transport Security) module.
Code
function hsts_init() {
global $is_https;
// Set the header to include the HSTS data
if (TRUE == variable_get('hsts_enabled', FALSE) and (variable_get('hsts_https_only', TRUE) or $is_https)) {
// Add the max age header
$hsts_header = 'max-age=' . check_plain(variable_get('hsts_max_age', 500));
if (variable_get('hsts_subdomains', FALSE)) {
// Include subdomains
$hsts_header .= ';includeSubDomains';
}
drupal_add_http_header('Strict-Transport-Security', $hsts_header);
}
}