NAME

Plack::Middleware::RedirectSSL - force all requests to use in-/secure connections

SYNOPSIS

# in app.psgi
use Plack::Builder;

builder {
    enable 'RedirectSSL';
    $app;
};

DESCRIPTION

This middleware intercepts requests using either the http or https scheme and redirects them to the same URI under respective other scheme.

CONFIGURATION OPTIONS

ssl

Specifies the direction of redirects. If true, requests using http will be redirected to https. If false, requests using https will be redirected to plain http.

Defaults to true if not specified during construction.

hsts_header

Specifies an arbitrary string value for the Strict-Transport-Security header. If false, no such header will be sent.

hsts_policy

Specifies a value to pass to "render_sts_policy" and updates the hsts_header option with the returned value.

enable 'RedirectSSL', hsts_policy => { include_subdomains => 1 };

Defaults to an HSTS policy with default values, which is a max-age of 26 weeks and no other directives.

hsts

Use of this option is discouraged.

Specifies a max-age value for the hsts_policy option, preserving all other existing hsts_policy directives, if any. If undef, uses a max-age of 26 weeks. If otherwise false, sets hsts_policy to undef. (If you really want a max-age value of 0, use '00', '0E0' or '0 but true'.)

FUNCTIONS

`render_sts_policy`

Takes either a hash reference containing an HSTS policy or undef, and returns the corresponding Strict-Transport-Security header value.

my $policy = { include_subdomains => 1 };
printf "Strict-Transport-Security: %s\n", render_sts_policy $policy;
# Strict-Transport-Security: max-age=15724800; includeSubDomains

As a side effect, validates the policy and updates the hash with the ultimate value of every directive after computing defaults.

use Data::Dumper; local $Data::Dumper::Terse = 1;
print +Dumper $policy;
# {
#   'max_age' => 15724800,
#   'include_subdomains' => 1,
#   'preload' => ''
# }

The following directives are supported:

max_age

Integer value for the max-age directive.

If missing or undefined, it will normally default to 26 weeks.

But if the preload directive is true, it will default to 365 days and may not be set to any smaller value.

If 0 (which unpublishes a previous HSTS policy), no other directives may be set.

include_subdomains

Boolean; whether to include the includeSubDomains directive.

If missing or undefined, it will normally default to false.

But if the preload directive is true, it will defaults to true and may not be set to false.

preload

Boolean; whether to include the preload directive.

AUTHOR

Aristotle Pagaltzis <pagaltzis@gmx.de>

COPYRIGHT AND LICENSE

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

To install Plack::Middleware::RedirectSSL, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Plack::Middleware::RedirectSSL

CPAN shell

perl -MCPAN -e shell
install Plack::Middleware::RedirectSSL

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)