Y
Hacker News
new
|
ask
|
show
|
jobs
by
mguillemot
4904 days ago
It's worth noting that Rails enables HSTS for the whole domain when you use the following in one of your config files (usually production.rb):
config.force_ssl = true
1 comments
ch0wn
4904 days ago
And for Flask users there is flask-sslify[0] by Kenneth Reitz for this.
[0]
https://github.com/kennethreitz/flask-sslify
link
Kudos
4904 days ago
I presume something like this is only useful for services like Heroku where you can't set it in your webserver directly?
link
MichaelGG
4904 days ago
It's also useful if your app requirements trump deployment requirements. You might want a particular app to always require SSL, regardless of how it is deployed.
link
[0] https://github.com/kennethreitz/flask-sslify