Last active
May 23, 2018 12:13
-
-
Save mecmartini/185e7b5bd52858a8f9e3a829b5accbd5 to your computer and use it in GitHub Desktop.
Drupal preprocess html to force all assets to https with hsts contrib module enabled
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function your_theme_name_preprocess_html(&$variables) { | |
| // You can remove this if and leave only it's content if you don't need it | |
| // or the contrib module hsts is not enabled on your Drupal. | |
| if (\Drupal::moduleHandler()->moduleExists('hsts')) { | |
| $content_security_policy = [ | |
| '#tag' => 'meta', | |
| '#attributes' => [ | |
| 'http-equiv' => 'Content-Security-Policy', | |
| 'content' => 'upgrade-insecure-requests', | |
| ], | |
| ]; | |
| $variables['page']['#attached']['html_head'][] = [$content_security_policy, 'Content-Security-Policy']; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment