diff options
author | Dexter Morgan <dmorgan@mageia.org> | 2013-02-20 16:07:49 +0000 |
---|---|---|
committer | Colin Guthrie <colin@mageia.org> | 2014-09-15 20:44:40 +0100 |
commit | ba702dcd7ac9b2e6c4d46ad21c7bfacfd6883189 (patch) | |
tree | ece0d9c9d8fa1eff83f8527397da6b2c8c755dd6 /template/en/default/admin/params/advanced.html.tmpl | |
parent | 48a4cb57974b7f1932c3fe31825c02e4dc4ab30c (diff) | |
download | bugzilla-ba702dcd7ac9b2e6c4d46ad21c7bfacfd6883189.tar bugzilla-ba702dcd7ac9b2e6c4d46ad21c7bfacfd6883189.tar.gz bugzilla-ba702dcd7ac9b2e6c4d46ad21c7bfacfd6883189.tar.bz2 bugzilla-ba702dcd7ac9b2e6c4d46ad21c7bfacfd6883189.tar.xz bugzilla-ba702dcd7ac9b2e6c4d46ad21c7bfacfd6883189.zip |
Add 4.0 branch
Diffstat (limited to 'template/en/default/admin/params/advanced.html.tmpl')
-rw-r--r-- | template/en/default/admin/params/advanced.html.tmpl | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/template/en/default/admin/params/advanced.html.tmpl b/template/en/default/admin/params/advanced.html.tmpl index 4caa2f1..a8e8a29 100644 --- a/template/en/default/admin/params/advanced.html.tmpl +++ b/template/en/default/admin/params/advanced.html.tmpl @@ -24,6 +24,35 @@ desc = "Settings for advanced configurations." %] +[% sts_desc = BLOCK %] + Enables the sending of the + <a href="http://en.wikipedia.org/wiki/Strict_Transport_Security">Strict-Transport-Security</a> + header along with HTTP responses on SSL connections. This adds greater + security to your SSL connections by forcing the browser to always + access your domain over SSL and never accept an invalid certificate. + However, it should only be used if you have the <code>ssl_redirect</code> + parameter turned on, [% terms.Bugzilla %] is the only thing running + on its domain (i.e., your <code>urlbase</code> is something like + <code>http://bugzilla.example.com/</code>), and you never plan to disable + the <code>ssl_redirect</code> parameter. + <ul> + <li> + off - Don't send the Strict-Transport-Security header with requests. + </li> + <li> + this_domain_only - Send the Strict-Transport-Security header with all + requests, but only support it for the current domain. + </li> + <li> + include_subdomains - Send the Strict-Transport-Security header along + with the <code>includeSubDomains</code> flag, which will apply the + security change to all subdomains. This is especially useful when + combined with an <code>attachment_base</code> that exists as (a) + subdomain(s) under the main [% terms.Bugzilla %] domain. + </li> + </ul> +[% END %] + [% param_descs = { cookiedomain => "If your website is at 'www.foo.com', setting this to" @@ -47,4 +76,6 @@ _ " necessary to enter its URL if the web server cannot access the" _ " HTTP_PROXY environment variable. If you have to authenticate," _ " use the <code>http://user:pass@proxy_url/</code> syntax.", + + strict_transport_security => sts_desc, } %] |