src/sbbs3 websrvr.c 1.605 1.606 websrvr.h 1.48 1.49
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv24033

Modified Files:
websrvr.c websrvr.h
Log Message:
Introduce web server option flag: "ALLOW_TLS". If this option is not set, then TLS (HTTPS) will not be enabled/supported in the web server.
Lowered the log level of the cryptlib failures in handle_crypt_call() from LOG_ERR to LOG_WARNING since these apparently are expected failures when interacting with misbehaving HTTPS/TLS clients.


---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

src/sbbs3 websrvr.c 1.704 1.705 websrvr.h 1.56 1.57
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv19802

Modified Files:
websrvr.c websrvr.h
Log Message:
Add new web option "HSTS_SAFE"

If this option is set, it means that all content available via http:// is available at the same https:// URL. This will trigger to new behaviours:
1) If an HTTP request has the "Upgrade-Insecure-Requests: 1" header, the
client will get a 307 redirect to the https:// URL.
2) For https:// responses, the following two headers will be added:
Content-Security-Policy: block-all-mixed-content
Strict-Transport-Security: max-age=10886400; preload




---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/a66b8cf517effc0737dcc3e3
Modified Files:
src/sbbs3/websrvr.c websrvr.h
Log Message:
Add NO_HTTP option to web server, for a HTTPS-only web server

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net