view mod_strict_https/README.markdown @ 4340:7cd3b7ec59e9

mod_http_oauth2: Rudimentary support for scopes (but not really) We don't support limiting access, but this change will inform the client what permissions the created token has (e.g. is the user an admin or not). There is some work in progress on real scope support.
author Matthew Wild <mwild1@gmail.com>
date Sat, 16 Jan 2021 19:47:22 +0000
parents 4d73a1a6ba68
children 0c8e6269ea38
line wrap: on
line source

---
labels:
summary: HTTP Strict Transport Security
...

Introduction
============

This module implements [HTTP Strict Transport
Security](https://tools.ietf.org/html/rfc6797) and responds to all
non-HTTPS requests with a `301 Moved Permanently` redirect to the HTTPS
equivalent of the path.

Configuration
=============

Add the module to the `modules_enabled` list and optionally configure
the specific header sent.

    modules_enabled = {
      ...
          "strict_https";
    }
    hsts_header = "max-age=31556952"

Compatibility
=============

  ------- --------------
  trunk   Works
  0.9     Works
  0.8     Doesn't work
  ------- --------------