Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
added functions to simplify application of an ssl-only policy to a site #894
This is the alternate design to my other pull request on the same topic. This is obviously simpler. No changes are necessary to the scaffolding, since the default behavior of not applying an ssl-only policy is unchanged. As mentioned in the discussion on the other PR, this approach adds a coordinated-configuration burden to scaffolded and default sites in order to avoid the danger, existing in the other design, that a user would define an ssl-only policy on their site but fail to apply it in their customizations.
I assume it's worth changing the text of the yesod book's chapter on sessions to include some note about this, but I'm not sure if that's in a repo I can offer a PR for. Let me know.