Feature Request: add support for Strict Transport Security #49

Closed
oreoshake opened this Issue Mar 27, 2013 · 2 comments

Comments

Projects
None yet
2 participants

All SSL, all the time, is pretty much a standard for anyone with authenticated traffic. HSTS provides this in a way that is much better than simply redirecting non-ssl requests (which really don't add much protection anyways).

What would be the correct place for this? It could be argued that it should be set in session_hijacking.rb but that's not my call :)

Owner

rkh commented Mar 27, 2013

This is not a call we can make for apps, imho. We use rack-ssl for this, btw.

Well then. Sorry for not closing this out earlier!

@oreoshake oreoshake closed this Apr 13, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment