Conflicts: lib/rack/ssl.rb rack-ssl.gemspec
Skip URI parsing Request#url
URI may fail to parse some legit URL paths
Added more installation/usage instructions into the README
Handle bad URIs gracefully
To stay compatible with old Rack versions.
As per spec, don't include STS header in non-https responses
add license information to the gemspec
Some adapters (i.e. jruby-rack) will pass through bad URIs, then display the resulting exception. This creates an attack vector for XSS attacks.
this way we can use it with rubygems.org API
use status 307 for anything but GET or HEAD
Also allow the SSL port to be specified
--- So a bug with my last patch was if you accessed a subdomain on http, you got redirected with that subdomain + the subdomain you specified...for example `http://ssl.example.com => https://ssl.ssl.example.com` I tried to keep the subdomain option to handle this, but parsing this kind of stuff is hard. Eventually I found https://github.com/pauldix/domainatrix but I dont think this library needs a dependency on it, so I just switched the `:subdomain` option to `:host`.