diff options
author | Josh Rickmar <jrick@devio.us> | 2012-07-31 09:55:26 -0400 |
---|---|---|
committer | Josh Rickmar <jrick@devio.us> | 2012-07-31 09:55:26 -0400 |
commit | 0c240f728d489408cda135786cf29244c1cd4d83 (patch) | |
tree | e063f765a1c73d301ec3ad5e8a5904165337a63e /xombrero.conf | |
parent | 02e03fcb67ee3ee37ff7bd5f287a7c53ca55f97e (diff) | |
download | xombrero-0c240f728d489408cda135786cf29244c1cd4d83.tar.gz |
Add a force_https setting (using the same domain syntax as the
whitelist settings) to make all requests to that domain use the HTTPS scheme, similar to HSTS. Install a new file, hsts-preload, into the resource dir. This is a regular config file with a bunch of force_https = ... lines, which is used to implement a preloaded HSTS list. Right now all the domains in this file, except for conformal.com and cyphertite.com, are taken directly from chromium's preloaded HSTS list (and should be synced with this file every so often). Also implement a new setting, preload_strict_transport (enabled by default), to enable or disable the loading of this preloaded HSTS list. Document force_https and preload_strict_transport in the manpage.
Diffstat (limited to 'xombrero.conf')
-rw-r--r-- | xombrero.conf | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/xombrero.conf b/xombrero.conf index b3643c4..f04eddb 100644 --- a/xombrero.conf +++ b/xombrero.conf @@ -59,6 +59,7 @@ # userstyle_global = 1 # enable_favicon_entry = 0 # enable_favicon_tabs = 1 +# preload_strict_transport = 1 # referer = always # warn_cert_changes = 1 @@ -146,6 +147,15 @@ ## +## FORCE HTTPS FOR SITES +## + +# Add the domains of sites that should be only accesed over HTTPS. + +# force_https = .conformal.com + + +## ## MIME TYPES ## |