mod_strict_https: Add way to disable redirect
Since Prosody 0.12+ does not listen on unencrypted http anymore, this is
likely to cause trouble. Especially since the URL construction is
problematic and awkward.
---
summary: HTTP Strict Transport Security
---
# Introduction
This module implements [RFC 6797: HTTP Strict Transport Security] and
responds to all non-HTTPS requests with a `301 Moved Permanently`
redirect to the HTTPS equivalent of the path.
# Configuration
Add the module to the `modules_enabled` list and optionally configure
the specific header sent.
``` lua
modules_enabled = {
...
"strict_https";
}
hsts_header = "max-age=31556952"
```
If the redirect from `http://` to `https://` causes trouble with
internal use of HTTP APIs it can be disabled:
``` lua
hsts_redirect = false
```
# Compatibility
------- -------------
trunk Should work
0.12 Should work
0.11 Should work
------- -------------