SSL-only website access

gfontenot / atxfccutcrew

0 stars 0 forks source link

Open gfontenot opened 1 year ago

gfontenot commented 1 year ago

We want to disallow access via HTTP. Need to do 2 things:

force SSL-only sessions (see https://www.yesodweb.com/book/sessions#sessions_hardening_via_ssl)
Force SSL-only access via web server (warp-tis?)

gfontenot commented 1 year ago

I'm not 100% sure how to handle 2, 1 is easy though.