From: Max Kanat-Alexander
Date: Mon, 6 Dec 2010 15:53:29 +0000 (-0800)
Subject: Bug 607138: Don't send the Strict-Transport-Security header for the
X-Git-Tag: bugzilla-4.0rc2~45
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=054a210355c8c2af049bcd7469971f3713ca5311;p=thirdparty%2Fbugzilla.git
Bug 607138: Don't send the Strict-Transport-Security header for the attachment_base. r=LpSolit, a=LpSolit
---
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 1dfca0a604..c5cb0fa62e 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -287,9 +287,13 @@ sub header {
 # Add Strict-Transport-Security (STS) header if this response
 # is over SSL and the strict_transport_security param is turned on.
- if ($self->https && Bugzilla->params->{'strict_transport_security'} ne 'off') {
+ if ($self->https && !$self->url_is_attachment_base
+ && Bugzilla->params->{'strict_transport_security'} ne 'off')
+ {
 my $sts_opts = 'max-age=' . MAX_STS_AGE;
- if (Bugzilla->params->{'strict_transport_security'} eq 'include_subdomains') {
+ if (Bugzilla->params->{'strict_transport_security'}
+ eq 'include_subdomains')
+ {
 $sts_opts .= '; includeSubDomains';
 }
 unshift(@_, '-strict_transport_security' => $sts_opts);
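Review bot: The two-line comment above the outer `if` still says the header is added whenever the response is over SSL and the param is on, which no longer matches the condition now that `!$self->url_is_attachment_base` is part of it; I would reword it to `# Add Strict-Transport-Security (STS) header if this response is over SSL, is not for the attachment_base, and the strict_transport_security param is turned on.` and add a one-line why-comment for the exclusion. `url_is_attachment_base` is defined outside this hunk, so how strictly it matches the request host cannot be checked from here. One caveat worth documenting for administrators: if the attachment host is a subdomain of the main Bugzilla host and the param is `include_subdomains`, the policy sent by the main host presumably still covers it in browsers, so the exclusion only takes effect when the attachment_base is on a separate domain. The enclosing `header` sub and the closing brace of the outer `if` lie outside the hunk.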