[wp-trac] [WordPress Trac] #28520: Mechanism for sending an HSTS header
WordPress Trac
noreply at wordpress.org
Fri Jun 13 19:47:03 UTC 2014
#28520: Mechanism for sending an HSTS header
----------------------------+------------------
Reporter: johnbillion | Owner:
Type: task (blessed) | Status: new
Priority: normal | Milestone: 4.0
Component: Security | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
----------------------------+------------------
Comment (by tollmanz):
This patch just adds the header definitions, but does not actually set
them. I'm a little confused as to where WordPress needs to set headers.
To enable, you need to add something like the following in {{{wp-
config.php}}}:
{{{
define( 'ENABLE_HSTS', 12345 );
}}}
You can turn it off by setting it to {{{0}}}.
I think that since this is "the" place that devs will be encouraged to
handle HSTS headers, we should all for adding the {{{includeSubDomains}}}
value. Not sure how to do this though.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28520#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list