annotate mod_strict_https/README.markdown @ 5715:8488ebde5739

mod_http_oauth2: Skip consent screen if requested by client and same scopes already granted

This follows the intent behind the OpenID Connect 'prompt' parameter when it does not include the 'consent' keyword, that is the client wishes to skip the consent screen. If the user has already granted the exact same scopes to the exact same client in the past, then one can assume that they may grant it again.
author Kim Alvefur <zash@zash.se>
date Tue, 14 Nov 2023 23:03:37 +0100
parents f8797e3284ff
children
Changesets referenced in the annotation (author of all four: Kim Alvefur <zash@zash.se>):

rev   changeset     parents  description
1782  29f3d6b7ad16           Import wiki pages
1803  4d73a1a6ba68  1782     Convert all wiki pages to Markdown
5414  0c8e6269ea38  1803     mod_strict_https: Refresh README
5415  f8797e3284ff  5414     mod_strict_https: Add way to disable redirect

rev   line  source
1803     1  ---
1803     2  summary: HTTP Strict Transport Security
5414     3  ---
1782     4
5414     5  # Introduction
1782     6
5414     7  This module implements [RFC 6797: HTTP Strict Transport Security] and
5414     8  responds to all non-HTTPS requests with a `301 Moved Permanently`
5414     9  redirect to the HTTPS equivalent of the path.
1782    10
5414    11  # Configuration
1782    12
1803    13  Add the module to the `modules_enabled` list and optionally configure
1803    14  the specific header sent.
1782    15
5414    16  ``` lua
5414    17  modules_enabled = {
5414    18      ...
5414    19      "strict_https";
5414    20  }
5414    21  hsts_header = "max-age=31556952"
5414    22  ```
1782    23
5415    24  If the redirect from `http://` to `https://` causes trouble with
5415    25  internal use of HTTP APIs it can be disabled:
5415    26
5415    27  ``` lua
5415    28  hsts_redirect = false
5415    29  ```
5415    30
5414    31  # Compatibility
1803    32
5414    33    ------- -------------
5414    34    trunk   Should work
5414    35    0.12    Should work
5414    36    0.11    Should work
5414    37    ------- -------------
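
An added example, not part of the README or of mod_strict_https: a small Python checker an operator could run against a planned `hsts_header` value and against a captured plain-HTTP response, to confirm the two behaviours the README describes. It parses the value following the RFC 6797 directive grammar and tests that a redirect is a `301` to the HTTPS equivalent of the request. The function names and the sample hostname in the usage note are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns {lowercased directive name: value or None}. Raises ValueError
    for a repeated directive or a missing or non-numeric max-age.
    Simplification: assumes no ';' inside a quoted-string value.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:  # empty directives between ';' are permitted
            continue
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip() if sep else None
        if val and len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted-string form, e.g. max-age="600"
        if name in directives:
            raise ValueError("directive repeated: " + name)
        directives[name] = val
    max_age = directives.get("max-age")
    if not (max_age and max_age.isascii() and max_age.isdigit()):
        raise ValueError("max-age is required and must be a number of seconds")
    directives["max-age"] = int(max_age)
    return directives

def audit_hsts(value):
    """Return operator-facing findings for an hsts_header value."""
    d = parse_hsts(value)
    findings = []
    if d["max-age"] == 0:
        findings.append("max-age=0 tells clients to drop the HSTS policy")
    if "includesubdomains" not in d:
        findings.append("subdomains are not covered (no includeSubDomains)")
    return findings

def is_https_equivalent(request_url, status, location):
    """True if a plain-HTTP request was answered with a 301 to the same
    host, path and query over https (the port may differ per listener)."""
    req, loc = urlsplit(request_url), urlsplit(location or "")
    return (status == 301 and req.scheme == "http" and loc.scheme == "https"
            and loc.hostname == req.hostname
            and (loc.path or "/") == (req.path or "/")
            and loc.query == req.query)

# Constructed input: the header value shown in the README's configuration.
README_VALUE = "max-age=31556952"
```

`audit_hsts(README_VALUE)` reports only that subdomains are not covered, and `is_https_equivalent("http://xmpp.example:5280/upload/a?x=1", 301, "https://xmpp.example:5281/upload/a?x=1")` is true for that constructed redirect.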