sinatra/rack-protection

Feature Request: add support for Strict Transport Security

oreoshake opened this issue · 2 comments

All SSL, all the time, is pretty much a standard for anyone with authenticated traffic. HSTS provides this in a way that is much better than simply redirecting non-SSL requests (which really don't add much protection anyways).

What would be the correct place for this? It could be argued that it should be set in session_hijacking.rb but that's not my call :)

rkh commented

This is not a call we can make for apps, imho. We use rack-ssl for this, btw.

Well then. Sorry for not closing this out earlier!
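
The difference between a plain redirect and HSTS discussed in this thread, as an added example that is not part of the original issue and is not rack-ssl's or rack-protection's code: a Rack-style middleware in plain Ruby that redirects plaintext requests and sets `Strict-Transport-Security` only on responses served over HTTPS. `HypotheticalHsts`, its options, and the host `app.example.test` are illustrative names; it assumes TLS terminates at the app, so no proxy headers are consulted.

```ruby
# Added example: minimal Rack-style middleware, plain Ruby, no gems required.
# HypotheticalHsts and its options are hypothetical names, not a real library API.
class HypotheticalHsts
  def initialize(app, max_age: 31_536_000, include_subdomains: true, host: nil)
    @app = app
    @host = host # pin the redirect target instead of trusting the Host header
    @value = "max-age=#{max_age}"
    @value += "; includeSubDomains" if include_subdomains
  end

  def call(env)
    return redirect_to_https(env) unless secure?(env)

    status, headers, body = @app.call(env)
    # RFC 6797: browsers honour this header only when it arrives over TLS,
    # so it is added to HTTPS responses and never to the plaintext redirect.
    [status, headers.merge("strict-transport-security" => @value), body]
  end

  private

  def secure?(env)
    env["rack.url_scheme"] == "https" || env["HTTPS"] == "on"
  end

  def redirect_to_https(env)
    # Drop any explicit port (e.g. ":80") so the HTTPS URL uses the default 443.
    host = (@host || env["HTTP_HOST"] || env["SERVER_NAME"]).sub(/:\d+\z/, "")
    location = "https://#{host}#{env['PATH_INFO']}"
    query = env["QUERY_STRING"].to_s
    location += "?#{query}" unless query.empty?
    [301, { "location" => location, "content-type" => "text/plain" }, ["Redirecting to HTTPS\n"]]
  end
end

# Constructed inner app and request environments for the demonstration.
INNER_APP = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok\n"]] }
STACK = HypotheticalHsts.new(INNER_APP)

def demo_request(scheme, path = "/account", query = "", host = "app.example.test")
  STACK.call({
    "rack.url_scheme" => scheme, "HTTP_HOST" => host,
    "PATH_INFO" => path, "QUERY_STRING" => query
  })
end
```

The redirect alone still leaves every first plaintext request exposed; once a browser has seen the header over HTTPS, it upgrades later requests itself for `max-age` seconds without sending them in the clear.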