From 1b2711fc42e46124a375b4df1b2e8241d65a8e01 Mon Sep 17 00:00:00 2001
From: David Duque <david.f.s.duque@tecnico.ulisboa.pt>
Date: Thu, 16 Jul 2020 12:21:14 +0100
Subject: [PATCH 1/2] Add 'always' modifier to the HSTS add_header directive (#1790)

This will make it so that the HSTS header is sent regardless of the request status code (until this point it would only be sent if "the response code equals 200, 201, 206, 301, 302, 303, 307, or 308." - according to thttp://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header)
---
 management/web_update.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/management/web_update.py b/management/web_update.py
index 66340619..0609c77b 100644
--- a/management/web_update.py
+++ b/management/web_update.py
@@ -188,9 +188,9 @@ def make_domain_config(domain, templates, ssl_certificates, env):
 # Add the HSTS header.
 if hsts == "yes":
- nginx_conf_extra += "add_header Strict-Transport-Security max-age=15768000;\n"
+ nginx_conf_extra += "add_header Strict-Transport-Security \"max-age=15768000\" always;\n"
 elif hsts == "preload":
- nginx_conf_extra += "add_header Strict-Transport-Security \"max-age=15768000; includeSubDomains; preload\";\n"
+ nginx_conf_extra += "add_header Strict-Transport-Security \"max-age=15768000; includeSubDomains; preload\" always;\n"
 # Add in any user customizations in the includes/ folder.
 nginx_conf_custom_include = os.path.join(env["STORAGE_ROOT"], "www", safe_domain_name(domain) + ".conf")
From 967409b157842f09a74041c4deb7fc82b2eb1704 Mon Sep 17 00:00:00 2001
From: David Duque <david.f.s.duque@tecnico.ulisboa.pt>
Date: Thu, 16 Jul 2020 12:23:11 +0100
Subject: [PATCH 2/2] Drop requirement for passwords to have no spaces (#1789)

---
 management/mailconfig.py | 2 --
 tools/mail.py | 3 ---
 2 files changed, 5 deletions(-)

diff --git a/management/mailconfig.py b/management/mailconfig.py
index dd597cd6..b061ea7d 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
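Review bot: The `preload` branch of make_domain_config in management/web_update.py still sends `max-age=15768000` (about six months), while the hstspreload.org submission requirements ask for at least 31536000 seconds, so a domain configured as "preload" would not qualify for the list with this header. Since the line is being rewritten anyway, consider `nginx_conf_extra += "add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains; preload\" always;\n"`. Separately, nginx inherits `add_header` from the enclosing level only when the current level defines none, so a block in the per-domain include referenced just below (presumably pulled into the same server config) that sets its own `add_header` would lose HSTS even with `always`; a comment such as `# NOTE: add_header is not inherited into blocks that define their own add_header` above the branch would warn whoever writes those includes. The function body starts and ends outside the hunk.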
@@ -605,8 +605,6 @@ def validate_password(pw):
 # validate password
 if pw.strip() == "":
 raise ValueError("No password provided.")
- if re.search(r"[\s]", pw):
- raise ValueError("Passwords cannot contain spaces.")
 if len(pw) < 8:
 raise ValueError("Passwords must be at least eight characters.")
diff --git a/tools/mail.py b/tools/mail.py
index 566971e4..215f39eb 100755
--- a/tools/mail.py
+++ b/tools/mail.py
@@ -33,9 +33,6 @@ def read_password():
 if len(first) < 8:
 print("Passwords must be at least eight characters.")
 continue
- if re.search(r'[\s]', first):
- print("Passwords cannot contain spaces.")
- continue
 second = getpass.getpass(' (again): ')
 if first != second:
 print("Passwords not the same. Try again.")