/platinum-https-redirect

Force a redirect to HTTPS when not on a local web server.

Primary LanguageHTML

Build status

Demo and API docs

##<platinum-https-redirect>

The <platinum-https-redirect> element redirects the current page to HTTPS, unless the page is loaded from a web server running on localhost.

Using HTTP Strict Transport Security (HSTS) can be used to enforce HTTPS for an entire origin, following the first visit to any page on the origin. Configuring the underlying web server to redirect all HTTP requests to their HTTPS equivalents takes care of enforcing HTTPS on the initial visit as well. Both options provide a more robust approach to enforcing HTTPS, but require access to the underlying web server's configuration in order to implement.

This element provides a client-side option when HSTS and server-enforced redirects aren't possible, such as when deploying code on a shared-hosting provider like GitHub Pages.

It comes in handy when used with other <platinum-*> elements, since those elements use features which are restricted to HTTPS, with an exception to support local web servers.

It can be used by just adding it to any page, e.g.

<platinum-https-redirect></platinum-https-redirect>