From cda213596672b50e4c1dff3846444a61a47cfd7d Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Wed, 10 Oct 2012 18:56:14 +0200
Subject: [PATCH] Send a HSTS HTTP header to enforce SSL
---
 lib/base.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/base.php b/lib/base.php
index c898273d9e..21b7165e5e 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -193,6 +193,7 @@ class OC{
 public static function checkSSL() {
 // redirect to https site if configured
 if( OC_Config::getValue( "forcessl", false )) {
+ header('Strict-Transport-Security: max-age=31536000');
 ini_set("session.cookie_secure", "on");
 if(OC_Request::serverProtocol()<>'https' and !OC::$CLI) {
 $url = "https://". OC_Request::serverHost() . $_SERVER['REQUEST_URI'];
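Review bot: The added `header('Strict-Transport-Security: max-age=31536000');` sits above the protocol check, so it is also sent on the plain-HTTP response that the next lines redirect. Browsers ignore HSTS received over an insecure transport, and RFC 6797 section 7.2 says a host must not send it there, so the policy only takes effect on responses that are already HTTPS. I would guard it, e.g. `if(OC_Request::serverProtocol()=='https') { header('Strict-Transport-Security: max-age=31536000'); }`. A short comment is also worth adding, such as `// HSTS is cached by browsers for max-age (one year); disabling forcessl later does not lift it for returning clients`, since that lock-in is not obvious to an admin toggling the option. The body of checkSSL continues outside the hunk, so how the redirect branch ends is not visible here.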