added functions to simplify application of an ssl-only policy to a site #894
+149
−1
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the alternate design to my other pull request on the same topic. This is obviously simpler. No changes are necessary to the scaffolding, since the default behavior of not applying an ssl-only policy is unchanged. As mentioned in the discussion on the other PR, this approach adds a coordinated-configuration burden to scaffolded and default sites in order to avoid the danger, existing in the other design, that a user would define an ssl-only policy on their site but fail to apply it in their customizations.
I assume it's worth changing the text of the yesod book's chapter on sessions to include some note about this, but I'm not sure if that's in a repo I can offer a PR for. Let me know.