From 2a25864061c1277f82d63fb4b0e472b847a8d619 Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie <jimmy.zelinskie@coreos.com>
Date: Fri, 22 May 2015 16:09:11 -0400
Subject: [PATCH] setup-tool: add HSTS info box

---
 static/directives/config/config-setup-tool.html | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/static/directives/config/config-setup-tool.html b/static/directives/config/config-setup-tool.html
index 7c2fa2e19..978be4c74 100644
--- a/static/directives/config/config-setup-tool.html
+++ b/static/directives/config/config-setup-tool.html
@@ -98,6 +98,11 @@
                  A valid SSL certificate and private key files are required to use this option.
               </div>
 
+              <div class="co-alert co-alert-info" ng-if="config.PREFERRED_URL_SCHEME == 'https'">
+                Enabling SSL also enables <a href="https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security">HTTP Strict Transport Security</a>.<br/>
+                This prevents downgrade attacks and cookie theft, but browsers will reject all future insecure connections on this hostname.
+              </div>
+
               <table class="config-table"  ng-if="config.PREFERRED_URL_SCHEME == 'https'">
                 <tr>
                   <td class="non-input">Certificate:</td>
@@ -835,4 +840,4 @@
     </div><!-- /.modal -->
 
   </div>
-</div>
\ No newline at end of file
+</div>