Mercurial > prosody-modules

view mod_strict_https/README.markdown @ 4980:da151f9af861

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
replaced 'session' with 'origin' in push_disable session is not defined in this function, trying to access it leads to an error. The correct reference seems to be 'origin'. (This may have come about by copying from the similar code in process_stanza_queue.)
author arcseconds
date Sat, 30 Jul 2022 21:07:47 +1200
parents 4d73a1a6ba68
children 0c8e6269ea38
line wrap: on
line source

---
labels:
summary: HTTP Strict Transport Security
...

Introduction
============

This module implements [HTTP Strict Transport
Security](https://tools.ietf.org/html/rfc6797) and responds to all
non-HTTPS requests with a `301 Moved Permanently` redirect to the HTTPS
equivalent of the path.

Configuration
=============

Add the module to the `modules_enabled` list and optionally configure
the specific header sent.

    modules_enabled = {
      ...
          "strict_https";
    }
    hsts_header = "max-age=31556952"

Compatibility
=============

  ------- --------------
  trunk   Works
  0.9     Works
  0.8     Doesn't work
  ------- --------------