prosody-modules
a0937b5cfdcb
mod_strict_https/README.markdown

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_strict_https/README.markdown @ 4210:a0937b5cfdcb

mod_invites_page: Remove preauth URI button This button is incompatible with the majority of XMPP clients around, yet based on feedback from users, many are drawn to click it when they have any XMPP client installed already. In the case where the user already has software installed, we would prefer them to select it from the software list so they can follow the setup process suited to their specific client (we already track which software supports preauth URIs). If their client is not listed, they can still use the manual registration link instead.
author Matthew Wild <mwild1@gmail.com>
date Fri, 16 Oct 2020 11:03:38 +0100
parent 1803:4d73a1a6ba68
child 5414:0c8e6269ea38
line wrap: on
line source

---
labels:
summary: HTTP Strict Transport Security
...

Introduction
============

This module implements [HTTP Strict Transport
Security](https://tools.ietf.org/html/rfc6797) and responds to all
non-HTTPS requests with a `301 Moved Permanently` redirect to the HTTPS
equivalent of the path.

Configuration
=============

Add the module to the `modules_enabled` list and optionally configure
the specific header sent.

    modules_enabled = {
      ...
          "strict_https";
    }
    hsts_header = "max-age=31556952"

Compatibility
=============

  ------- --------------
  trunk   Works
  0.9     Works
  0.8     Doesn't work
  ------- --------------