Support TLS out of the box

scotty-web / scotty

Haskell web framework inspired by Ruby's Sinatra, using WAI and Warp (Official Repository)

http://hackage.haskell.org/package/scotty

BSD 3-Clause "New" or "Revised" License

1.71k stars 132 forks source link

Support TLS out of the box #290

Open friedbrice opened 1 year ago

friedbrice commented 1 year ago

Is there a reason that TLS is shunted off to its own package and isn't supported out of the box?

fumieval commented 1 year ago

FWIW I haven't felt a desperate need because it's just a matter of calling warp-tls on top of scottyApp, and in most cases handling TLS is a reverse proxy's responsibility. However, I don't strongly object to adding a function that launch a server with TLS

friedbrice commented 1 year ago

in most cases handling TLS is a reverse proxy's responsibility

This is a compelling point to me, yeah.

it's just a matter of calling warp-tls on top of scottyApp

This is a less-compelling point to me, since I typically think that Scotty users shouldn't have to know all that much about Warp, that Scotty should be taking care of that for them. I'm of the opinion that users shouldn't have to add warp as an explicit dependency in order to use the fully functionality that Scotty offers.

fumieval commented 1 year ago

Indeed, given that scotty supports WAI middlewares via the middleware function, perhaps there should be a function to enable TLS in the same vein