Software /
code /
prosody-modules
File
mod_strict_https/README.markdown @ 5467:1c78a97a1091
mod_http_oauth2: Add a special "xmpp" scope that grants the users' default role
This will be the first step towards defining a standard set of XMPP
scopes. "xmpp" behaves as an alias for the user's default role, so that
the client does not need to know about the various prosody:* roles.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 17 May 2023 19:40:27 +0200 |
parent | 5415:f8797e3284ff |
line wrap: on
line source
--- summary: HTTP Strict Transport Security --- # Introduction This module implements [RFC 6797: HTTP Strict Transport Security] and responds to all non-HTTPS requests with a `301 Moved Permanently` redirect to the HTTPS equivalent of the path. # Configuration Add the module to the `modules_enabled` list and optionally configure the specific header sent. ``` lua modules_enabled = { ... "strict_https"; } hsts_header = "max-age=31556952" ``` If the redirect from `http://` to `https://` causes trouble with internal use of HTTP APIs it can be disabled: ``` lua hsts_redirect = false ``` # Compatibility ------- ------------- trunk Should work 0.12 Should work 0.11 Should work ------- -------------