• src/sbbs3/websrvr.c websrvr.h

    From deuce@VERT to CVS commit on Fri Mar 6 21:18:50 2020
    src/sbbs3 websrvr.c 1.704 1.705 websrvr.h 1.56 1.57
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv19802

    Modified Files:
    websrvr.c websrvr.h
    Log Message:
    Add new web option "HSTS_SAFE"

    If this option is set, it means that all content available via http:// is available at the same https:// URL. This will trigger to new behaviours:
    1) If an HTTP request has the "Upgrade-Insecure-Requests: 1" header, the
    client will get a 307 redirect to the https:// URL.
    2) For https:// responses, the following two headers will be added:
    Content-Security-Policy: block-all-mixed-content
    Strict-Transport-Security: max-age=10886400; preload




    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Sun Mar 3 04:07:48 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/a66b8cf517effc0737dcc3e3
    Modified Files:
    src/sbbs3/websrvr.c websrvr.h
    Log Message:
    Add NO_HTTP option to web server, for a HTTPS-only web server

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net