prosody-modules
9d88c3d9eea5
mod_strict_https/README.md

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_strict_https/README.md @ 6281:9d88c3d9eea5

mod_http_oauth2: Enforce the registered grant types Thus a client can limit itself to certain grant types. Not sure if this prevents any attacks, but what was the point of including this in the registration if it was not going to be enforced? This became easier to do with client_id being available earlier.
author Kim Alvefur <zash@zash.se>
date Mon, 02 Jun 2025 20:55:20 +0200
parent 6003:fe081789f7b5
line wrap: on
line source

---
summary: HTTP Strict Transport Security
---

# Introduction

This module implements [RFC 6797: HTTP Strict Transport Security] and
responds to all non-HTTPS requests with a `301 Moved Permanently`
redirect to the HTTPS equivalent of the path.

# Configuration

Add the module to the `modules_enabled` list and optionally configure
the specific header sent.

``` lua
modules_enabled = {
  ...
      "strict_https";
}
hsts_header = "max-age=31556952"
```

If the redirect from `http://` to `https://` causes trouble with
internal use of HTTP APIs it can be disabled:

``` lua
hsts_redirect = false
```

# Compatibility

  ------- -------------
  trunk   Should work
  0.12    Should work
  0.11    Should work
  ------- -------------