tildeverse
/
cryptpad
4
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #987 from cremesk/main 

relax HSTS header checkup to only require a max age
This commit is contained in:
ansuz 2022-12-19 14:59:21 +05:30 committed by GitHub
parent a7463c1987 940d7d3118
commit 2834842f3a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
www/checkup/main.js
View File

@ -1579,8 +1579,7 @@ define([
var HSTS = H['strict-transport-security'];
// check for a numerical value of max-age
// and the use of includeSubDomains
if (/max\-age=\d+/.test(HSTS) && /includeSubDomains/.test(HSTS)) {
if (/max\-age=\d+/.test(HSTS)) {
return void cb(true);
}