Mercurial > prosody-modules
view mod_strict_https/README.md @ 6514:668b1f0a4dc6
mod_c2s_limit_sessions: Fix check when it's the first connection
Creation of the sessions[username] entry happens after the
"pre-resource-bind" event, before the "resource-bind" event.
Thus, for a users first connection, it may not exist.
This led to an 'attempt to index a nil value' error, fixed here.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 08 Apr 2026 15:56:38 +0200 |
| parents | fe081789f7b5 |
| children |
line wrap: on
line source
--- summary: HTTP Strict Transport Security --- # Introduction This module implements [RFC 6797: HTTP Strict Transport Security] and responds to all non-HTTPS requests with a `301 Moved Permanently` redirect to the HTTPS equivalent of the path. # Configuration Add the module to the `modules_enabled` list and optionally configure the specific header sent. ``` lua modules_enabled = { ... "strict_https"; } hsts_header = "max-age=31556952" ``` If the redirect from `http://` to `https://` causes trouble with internal use of HTTP APIs it can be disabled: ``` lua hsts_redirect = false ``` # Compatibility ------- ------------- trunk Should work 0.12 Should work 0.11 Should work ------- -------------
