rack-ssl-enforcer
A simple Rack middleware to enforce ssl connections
Rack middleware must not use instance variables for state, as the same instance can be called by multiple threads. This patch changes the middleware to pass all request state as...
I am using https://glitch.com/ and unfortunately even the `HTTP_X_FORWARDED_PROTO` is `https,https,https` when fetching http files. However, the `HTTP_FLY_FORWARDED_PROTO` is accurate and comes through as a simple `http` or `https`. I...
It is now recommended that the HSTS `max-age` value defaults to two years. More info: * https://hstspreload.org/#deployment-recommendations * https://wiki.mozilla.org/Security/Server_Side_TLS * https://github.com/rails/rails/pull/38345 Any chance of releasing an update? It should be...
Based on the README file, the `SslEnforcer` should be prepended into the middleware chain via `insert_before`:
```
config.middleware.insert_before ActionDispatch::Cookies, Rack::SslEnforcer
```
But then all subsequent examples rely on `use`: ```...
Hello. The topic shall be self-explanatory, but I could gladly comment on it more. The API allows (and maybe even encourages) users to exclude certain paths and HTTP methods from...
Currently, I have the following configuration:
```ruby
use Rack::SslEnforcer, hsts: true, redirect_to: 'https://www.example.com'
```
I'm using `redirect_to` because the site is behind a reverse proxy that routes different paths...
Hello, I have a site where I want SSL only on these routes: https://api.example.com, https://example.com/users/sign_in, https://example.com/users/sign_up, and the rest of the URLs should run without SSL. I am not able to figure out...
This update allows you to define constraints for discrete method and path combinations. See the updated README for more details: https://github.com/Matchbook/rack-ssl-enforcer#method--path-combination-constraints