wai-enforce-https 0.0.2.1 → 1.0.0.0
raw patch · 4 files changed
+18/−12 lines, 4 files
Files
- README.md +6/−0
- lib/Network/Wai/Middleware/EnforceHTTPS.hs +10/−10
- test/EnforceHTTPSSpec.hs +1/−1
- wai-enforce-https.cabal +1/−1
README.md view
@@ -117,3 +117,9 @@ ``` $ cabal build -f examples ```+++## Credits++Design of this library is heavily based on my other project [koa-sslify](https://github.com/turboMaCk/koa-sslify)+and is based on feedback and work of contributors of this library.
lib/Network/Wai/Middleware/EnforceHTTPS.hs view
@@ -93,14 +93,14 @@ -- Configuration of `httpsIsSecure` can be set using `withResolver` -- function which is preferred way for overwriting default `Resolver`. data EnforceHTTPSConfig = EnforceHTTPSConfig- { httpsIsSecure :: !HTTPSResolver- , httpsHostname :: !(Maybe ByteString)- , httpsPort :: !Int- , httpsIgnoreURL :: !Bool- , httpsTemporary :: !Bool- , httpsSkipDefaultPort :: !Bool- , httpsRedirectMethods :: ![Method]- , httpsDisallowStatus :: !Status+ { httpsIsSecure :: !HTTPSResolver -- ^ Function to detect if reqest was done over secure protocol+ , httpsHostRewrite :: !(ByteString -> ByteString) -- ^ Rewrite rule for host (useful for redirecting between domains)+ , httpsPort :: !Int -- ^ Port of secure server+ , httpsIgnoreURL :: !Bool -- ^ Ignore url (path, query) - redirect to just host+ , httpsTemporary :: !Bool -- ^ Use termporary redirect+ , httpsSkipDefaultPort :: !Bool -- ^ Avoid sending explicit port if default (443) is specified+ , httpsRedirectMethods :: ![Method] -- ^ Whitelist for methods that should be redirected+ , httpsDisallowStatus :: !Status -- ^ Status to retuned for disallowed methods } @@ -117,7 +117,7 @@ defaultConfig :: EnforceHTTPSConfig defaultConfig = EnforceHTTPSConfig { httpsIsSecure = Wai.isSecure- , httpsHostname = Nothing+ , httpsHostRewrite = id , httpsPort = 443 , httpsIgnoreURL = False , httpsTemporary = False@@ -183,7 +183,7 @@ stripPort h = fst $ ByteString.break (== 58) h -- colon - fullHost h = fromMaybe h httpsHostname <> port+ fullHost h = httpsHostRewrite h <> port reqMethod = Wai.requestMethod req
test/EnforceHTTPSSpec.hs view
@@ -75,7 +75,7 @@ hostnameSpec :: Spec hostnameSpec = do- let withApp = run $ defaultConfig { httpsHostname = Just "foo.com" }+ let withApp = run $ defaultConfig { httpsHostRewrite = const "foo.com" } it "redirects to specified hostname" $ withApp $ do res <- request baseReq
wai-enforce-https.cabal view
@@ -2,7 +2,7 @@ -- documentation, see http://haskell.org/cabal/users-guide/ name: wai-enforce-https-version: 0.0.2.1+version: 1.0.0.0 synopsis: Enforce HTTPS in Wai server app safely. description: Wai middleware enforcing HTTPS protocol on any incoming request. In case of non-encrypted HTTP, traffic is redirected using 301 Permanent Redirect or optionally 307 Temporary Redirect. Middleware has compatibility modes for various reverse proxies (load balancers) and therefore can be used with Heroku, Google Cloud (Ingress), Azure or any other type of PAS or Cloud provider. license: BSD3