module Roda::RodaPlugins::Hsts

def self.configure(app, opts=OPTS)

Configure the Strict-Transport-Security header. Options:
:max_age :: Set max-age in seconds (default is 63072000, two years)
:preload :: Set preload, so the domain can be included in HSTS preload lists
:subdomains :: Set to false to not set includeSubDomains. By default, includeSubDomains is set to enforce HTTPS for subdomains.
# Register the Strict-Transport-Security header as a default response header
# by handing it to the default_headers plugin.
#
# Options read from +opts+:
# :max_age :: max-age in seconds; 63072000 (two years) is used when the
#             option is absent, nil or false.
# :subdomains :: includeSubDomains is emitted unless this is exactly +false+.
# :preload :: the preload directive is appended when this is truthy.
#
# Option values are interpolated as given; nothing here checks that :max_age
# is a non-negative integer. The options are also independent of each other:
# browser preload lists (hstspreload.org) expect includeSubDomains and a
# max-age of at least one year alongside preload, and this method does not
# enforce that combination.
def self.configure(app, opts=OPTS)
  directives = ["max-age=#{opts[:max_age] || 63072000}"]
  directives << 'includeSubDomains' unless opts[:subdomains] == false
  directives << 'preload' if opts[:preload]

  # One frozen string is built at configure time and passed to default_headers.
  app.plugin :default_headers, RodaResponseHeaders::STRICT_TRANSPORT_SECURITY => directives.join('; ').freeze
end

def self.load_dependencies(app, opts=OPTS)

Ensure default_headers plugin is loaded first
# Load the default_headers plugin into +app+; configure passes the
# Strict-Transport-Security value to that same plugin.
# +opts+ is accepted but not used here.
def self.load_dependencies(app, opts=OPTS)
  app.plugin(:default_headers)
end