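--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -1018,6 +1018,43 @@
 }
 
 /**
+ * Get the headers for HSTS.
+ *
+ * This function depends on the constant, ENABLE_HSTS, to be set to the value of
+ * max-age component of the header. Setting to true will set the HSTS value for
+ * 1 year. Setting as integer will set to that value. If set to 0, it will turn
+ * off HSTS.
+ *
+ * @since 4.0.0
+ * @return array The associative array of header information to enforce HSTS.
+ */
+function get_hsts_headers() {
+ $headers = array();
+
+ if ( defined( 'ENABLE_HSTS' ) && ( is_int( ENABLE_HSTS ) || true === ENABLE_HSTS ) ) {
+ $max_age = ( true === ENABLE_HSTS ) ? 31536000 : absint( ENABLE_HSTS );
+ $headers = array(
+ 'Strict-Transport-Security' => 'max-age=' . $max_age,
+ );
+ }
+
+ return apply_filters( 'hsts_headers', $headers );
+}
+
+/**
+ * Set HSTS headers.
+ *
+ * @since 4.0.0
+ */
+function hsts_headers() {
+ $headers = get_hsts_headers();
+
+ foreach ( $headers as $header => $value ) {
+ header( $header . ': ' . $value );
+ }
+}
+
+/**
 * Set the headers for caching for 10 days with JavaScript content type.
 *
 * @since 2.1.0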
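Review bot: `hsts_headers()` sends whatever `get_hsts_headers()` returns without checking that the request arrived over TLS, so a site defining `ENABLE_HSTS` would emit `Strict-Transport-Security` on plain-HTTP responses too, where RFC 6797 says a host must not send it and browsers ignore it. Unless the caller (not visible in this hunk) already gates on HTTPS, start the function with `if ( ! is_ssl() || headers_sent() ) { return; }`. In `get_hsts_headers()`, `ENABLE_HSTS` set to `0` still emits `max-age=0`, which tells browsers to discard a stored policy rather than omitting the header; the docblock's "turn off HSTS" should say that explicitly. A negative integer is silently made positive by `absint()`, and a numeric string such as `'31536000'` fails `is_int()` and leaves HSTS off with no indication; both cases deserve a line in the docblock or a stricter check.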