Mercurial > prosody-modules
view mod_strict_https/README.markdown @ 5214:d5492bc861f6
mod_http_oauth2: Remove authorization codes after use
RFC 6749 section 4.1.2 says:
> The client MUST NOT use the authorization code more than once.
Thus we clear it from the cache after use.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 06 Mar 2023 16:53:27 +0100 |
parents | 4d73a1a6ba68 |
children | 0c8e6269ea38 |
line wrap: on
line source
--- labels: summary: HTTP Strict Transport Security ... Introduction ============ This module implements [HTTP Strict Transport Security](https://tools.ietf.org/html/rfc6797) and responds to all non-HTTPS requests with a `301 Moved Permanently` redirect to the HTTPS equivalent of the path. Configuration ============= Add the module to the `modules_enabled` list and optionally configure the specific header sent. modules_enabled = { ... "strict_https"; } hsts_header = "max-age=31556952" Compatibility ============= ------- -------------- trunk Works 0.9 Works 0.8 Doesn't work ------- --------------