Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
mguillemot
on Jan 20, 2013
|
parent
|
context
|
favorite
| on:
Fencing Your SSL Errors With HSTS
It's worth noting that Rails enables HSTS for the whole domain when you use the following in one of your config files (usually production.rb):
config.force_ssl = true
ch0wn
on Jan 20, 2013
[–]
And for Flask users there is flask-sslify[0] by Kenneth Reitz for this.
[0]
https://github.com/kennethreitz/flask-sslify
Kudos
on Jan 20, 2013
|
parent
[–]
I presume something like this is only useful for services like Heroku where you can't set it in your webserver directly?
MichaelGG
on Jan 20, 2013
|
root
|
parent
[–]
It's also useful if your app requirements trump deployment requirements. You might want a particular app to always require SSL, regardless of how it is deployed.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
