NAME
Plack::Middleware::RedirectSSL - force all requests to use in-/secure connections
VERSION
version 1.300
SYNOPSIS
# in app.psgi
use Plack::Builder;
builder {
enable 'RedirectSSL';
$app;
};
DESCRIPTION
This middleware intercepts requests using either the http
or https
scheme and redirects them to the same URI under respective other scheme.
CONFIGURATION OPTIONS
ssl
-
Specifies the direction of redirects. If true or not specified, requests using
http
will be redirected tohttps
. If false, requests usinghttps
will be redirected to plainhttp
. hsts_header
-
Specifies an arbitrary string value for the
Strict-Transport-Security
header. If false, no such header will be sent. hsts_policy
-
Specifies a value to pass to
"render_sts_policy"
and updates thehsts_header
option with the returned value.Defaults to an HSTS policy with default values.
hsts
-
Use of this option is discouraged.
Specifies a
max-age
value for the current HSTS policy (preserving all other directives) or creates a new one (containing no other directives) and updates thehsts_header
option to reflect it. If undef, sets ahsts_header
to amax-age
of 26 weeks. If otherwise false, setshsts_header
toundef
. (If you really want amax-age
value of 0, use'00'
,'0E0'
or'0 but true'
.)
FUNCTIONS
render_sts_policy
Takes either a hash reference containing an HSTS policy or undef
, and returns the corresponding Strict-Transport-Security
header value. As a side effect, validates the policy and updates the hash with the ultimate value of every directive after computing defaults.
The following directives are supported:
max_age
-
Integer value for the
max-age
directive.If missing or undefined, it will normally default to 26 weeks.
But if the
preload
directive is true, it will default to 365 days and may not be set to any smaller value.If 0 (which unpublishes a previous HSTS policy), no other directives may be set.
include_subdomains
-
Boolean; whether to include the
includeSubDomains
directive.If missing or undefined, it will normally default to false.
But if the
preload
directive is true, it will defaults to true and may not be set to false. preload
-
Boolean; whether to include the
preload
directive.
SEE ALSO
AUTHOR
Aristotle Pagaltzis <pagaltzis@gmx.de>
COPYRIGHT AND LICENSE
This software is copyright (c) 2018 by Aristotle Pagaltzis.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.