From c94f7d0fcd94c9513ba3d1bbcf6a759651d96d7a Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob.mottram@codethink.co.uk>
Date: Thu, 10 Dec 2015 15:37:02 +0000
Subject: [PATCH] Insert in different location

---
 src/freedombone-pin-cert | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/freedombone-pin-cert b/src/freedombone-pin-cert
index 4ade7c9a8..877069cb3 100755
--- a/src/freedombone-pin-cert
+++ b/src/freedombone-pin-cert
@@ -50,11 +50,17 @@ KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sh
 
 PIN_HEADER="add_header Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; max-age=5184000; includeSubDomains';"
 if ! grep -q "add_header Public-Key-Pins" $SITE_FILENAME; then
-    sed -i "/add_header Access-Control-Allow-Origin.*/a $PIN_HEADER" $SITE_FILENAME
+    sed -i "/ssl_ciphers.*/a $PIN_HEADER" $SITE_FILENAME
 else
     sed -i "s/add_header Public-Key-Pins.*/$PIN_HEADER/g" $SITE_FILENAME
 fi
 
 systemctl restart nginx
 
+if ! grep -q "add_header Public-Key-Pins" $SITE_FILENAME; then
+    echo $'Pinning failed'
+fi
+
+echo "Pinned $DOMAIN_NAME with hash $KEY_HASH"
+
 exit 0
-- 
GitLab