|
@@ -59,6 +59,7 @@ type listenerConfigBlock struct {
|
59
|
59
|
Tor bool
|
60
|
60
|
STSOnly bool `yaml:"sts-only"`
|
61
|
61
|
WebSocket bool
|
|
62
|
+ HideSTS bool `yaml:"hide-sts"`
|
62
|
63
|
}
|
63
|
64
|
|
64
|
65
|
type PersistentStatus uint
|
|
@@ -532,6 +533,7 @@ type Config struct {
|
532
|
533
|
SecureNetDefs []string `yaml:"secure-nets"`
|
533
|
534
|
secureNets []net.IPNet
|
534
|
535
|
supportedCaps *caps.Set
|
|
536
|
+ supportedCapsWithoutSTS *caps.Set
|
535
|
537
|
capValues caps.Values
|
536
|
538
|
Casemapping Casemapping
|
537
|
539
|
EnforceUtf8 bool `yaml:"enforce-utf8"`
|
|
@@ -834,6 +836,7 @@ func (conf *Config) prepareListeners() (err error) {
|
834
|
836
|
}
|
835
|
837
|
lconf.RequireProxy = block.TLS.Proxy || block.Proxy
|
836
|
838
|
lconf.WebSocket = block.WebSocket
|
|
839
|
+ lconf.HideSTS = block.HideSTS
|
837
|
840
|
conf.Server.trueListeners[addr] = lconf
|
838
|
841
|
}
|
839
|
842
|
return nil
|
|
@@ -1371,6 +1374,11 @@ func LoadConfig(filename string) (config *Config, err error) {
|
1371
|
1374
|
return nil, fmt.Errorf("failed to prepare listeners: %v", err)
|
1372
|
1375
|
}
|
1373
|
1376
|
|
|
1377
|
+ // #1428: Tor listeners should never see STS
|
|
1378
|
+ config.Server.supportedCapsWithoutSTS = caps.NewSet()
|
|
1379
|
+ config.Server.supportedCapsWithoutSTS.Union(config.Server.supportedCaps)
|
|
1380
|
+ config.Server.supportedCapsWithoutSTS.Disable(caps.STS)
|
|
1381
|
+
|
1374
|
1382
|
return config, nil
|
1375
|
1383
|
}
|
1376
|
1384
|
|