Closed CrowdHailer closed 6 years ago
NOTE: when this middleware is part of an application started listening to a tcp socket no request will ever hit the application. The redirection will be to a second running server
Phoenix :force_ssl
just falls back to Plug.SSL
https://github.com/elixir-plug/plug/blob/master/lib/plug/ssl.ex
However there are some useful docs on the consequenses of using strict transport security headers.
middleware to enforce connections use https, redirecting all requests via http. It should also set the HTST (strict transport header). See details in