add middleware Raxx.EnforceHTTPS

CrowdHailer / raxx

Interface for HTTP webservers, frameworks and clients

https://hexdocs.pm/raxx

Apache License 2.0

402 stars 29 forks source link

add middleware Raxx.EnforceHTTPS #80

Closed CrowdHailer closed 6 years ago

CrowdHailer commented 6 years ago

middleware to enforce connections use https, redirecting all requests via http. It should also set the HTST (strict transport header). See details in

plug https://github.com/elixir-plug/plug/blob/master/lib/plug/ssl.ex
rack https://github.com/tobmatth/rack-ssl-enforcer

CrowdHailer commented 6 years ago

NOTE: when this middleware is part of an application started listening to a tcp socket no request will ever hit the application. The redirection will be to a second running server

CrowdHailer commented 6 years ago

Phoenix :force_ssl just falls back to Plug.SSL https://github.com/elixir-plug/plug/blob/master/lib/plug/ssl.ex

However there are some useful docs on the consequenses of using strict transport security headers.

https://github.com/phoenixframework/phoenix/blob/596626d9a21c56198c8449250df9c1b1709cf75b/guides/docs/endpoint.md#L106