sinatra / rack-protection

NOTE: This project has been merged upstream to sinatra/sinatra
https://github.com/sinatra/sinatra/tree/master/rack-protection

Feature Request: add support for Strict Transport Security #49

Closed oreoshake closed 9 years ago

oreoshake commented 11 years ago

All SSL, all the time, is pretty much a standard for anyone with authenticated traffic. HSTS provides this in a way that is much better than simply redirecting non-SSL requests (which really don't add much protection anyways).

What would be the correct place for this? It could be argued that it should be set in session_hijacking.rb but that's not my call :)

rkh commented 11 years ago

This is not a call we can make for apps, imho. We use rack-ssl for this, btw.

oreoshake commented 9 years ago

Well then. Sorry for not closing this out earlier!
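
For reference, the behaviour requested in this issue can be written as a small Rack middleware. This is an added example, not code from this thread, rack-protection or rack-ssl; the class name `StrictTransport`, its options and the `example.test` host are assumptions made for illustration. It follows RFC 6797: the header is sent only on HTTPS responses, and plain-HTTP requests get a redirect without it.

```ruby
# Added example: hypothetical middleware, not rack-protection or rack-ssl code.
class StrictTransport
  HEADER = "strict-transport-security" # lowercase, as Rack 3 expects

  def initialize(app, max_age: 31_536_000, include_subdomains: true)
    @app = app
    parts = ["max-age=#{Integer(max_age)}"]
    parts << "includeSubDomains" if include_subdomains
    @value = parts.join("; ").freeze
  end

  def call(env)
    return redirect_to_https(env) unless https?(env)

    status, headers, body = @app.call(env)
    # RFC 6797 7.1: send at most one STS header, so keep one the app already set.
    already_set = headers.keys.any? { |k| k.to_s.downcase == HEADER }
    headers = headers.merge(HEADER => @value) unless already_set
    [status, headers, body]
  end

  private

  # Uses the scheme Rack reports for the connection. Behind a TLS-terminating
  # proxy, the server or proxy must set it correctly (assumption of this example).
  def https?(env)
    env["rack.url_scheme"] == "https"
  end

  # RFC 6797 7.2: never send the STS header over plain HTTP; redirect instead.
  def redirect_to_https(env)
    host = (env["HTTP_HOST"] || env["SERVER_NAME"]).to_s.sub(/:\d+\z/, "")
    location = "https://#{host}#{env['PATH_INFO']}"
    location += "?#{env['QUERY_STRING']}" unless env["QUERY_STRING"].to_s.empty?
    [301, { "location" => location, "content-type" => "text/plain" },
     ["Redirecting to HTTPS\n"]]
  end
end

# Constructed request envs for a quick run (not real traffic).
INNER_APP = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok"]] }
HSTS_APP  = StrictTransport.new(INNER_APP)
HTTPS_ENV = { "rack.url_scheme" => "https", "HTTP_HOST" => "example.test", "PATH_INFO" => "/a" }
HTTP_ENV  = { "rack.url_scheme" => "http", "HTTP_HOST" => "example.test:8080",
              "PATH_INFO" => "/a", "QUERY_STRING" => "x=1" }
```

The first plain-HTTP request is still unprotected; the browser only enforces HTTPS after it has received the header once over a valid TLS connection.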