macchiato.middleware.ssl

Middleware for managing handlers operating over HTTPS.

default-scheme-header

The default header used in wrap-forwarded-scheme (x-forwarded-proto).

forwarded-scheme-request

(forwarded-scheme-request request)(forwarded-scheme-request request header)
Change the :scheme of the request to the value present in a request header.
See: wrap-forwarded-scheme.

hsts-response

(hsts-response response)(hsts-response response options)
Add the Strict-Transport-Security header to the response. See: wrap-hsts.

ssl-redirect-response

(ssl-redirect-response request options)
Given a HTTP request, return a redirect response to the equivalent HTTPS URL.
See: wrap-ssl-redirect.

url

wrap-forwarded-scheme

(wrap-forwarded-scheme handler)(wrap-forwarded-scheme handler header)
Middleware that changes the :scheme of the request map to the value present
in a request header. This is useful if your application sits behind a
reverse proxy or load balancer that handles the SSL transport.

The header defaults to x-forwarded-proto.

wrap-hsts

(wrap-hsts handler)(wrap-hsts handler options)
Middleware that adds the Strict-Transport-Security header to the response
from the handler. This ensures the browser will only use HTTPS for future
requests to the domain.

Accepts the following options:

:max-age             - the max time in seconds the HSTS policy applies
                       (defaults to 31536000 seconds, or 1 year)

:include-subdomains? - true if subdomains should be included in the HSTS
                       policy (defaults to true)

See RFC 6797 for more information (https://tools.ietf.org/html/rfc6797).

wrap-ssl-redirect

(wrap-ssl-redirect handler)(wrap-ssl-redirect handler options)
Middleware that redirects any HTTP request to the equivalent HTTPS URL.

Accepts the following options:

:ssl-port - the SSL port to use for redirects, defaults to 443.