mirror of https://github.com/meteor/meteor.git synced 2026-05-02 03:01:46 -04:00

Files

Ben Newman 232ab2d209 Bump package versions for 1.4.2-beta.9 release.

I had to scrap the 1.4.2-beta.8 release because meteor-tool@1.4.2-beta.8
got published by a partial run of the publish-release script, but then the
publish-release script thought meteor-tool changed after that, and I
didn't want to republish it as something like 1.4.2-1-beta.8.

2016-10-05 18:42:56 -04:00

.gitignore

Add .gitignore to package directories to match linker branch.

2013-05-13 10:57:37 -07:00

force_ssl_common.js

Integrate force-ssl and absolute-url. Now when you add force-ssl, secure defaults to true in absolute-url.

2012-08-15 23:28:51 -07:00

force_ssl_server.js

Add Access-Control-Allow-Origin header to force-ssl redirect

2016-02-16 19:57:59 +01:00

package.js

Bump package versions for 1.4.2-beta.9 release.

2016-10-05 18:42:56 -04:00

README.md

Add released and development links

2016-08-30 15:40:14 -07:00

README.md

force-ssl

Source code of released version | Source code of development version

This package, part of Webapp, causes Meteor to redirect insecure connections (HTTP) to a secure URL (HTTPS). Use this package to ensure that communication to the server is always encrypted to protect users from active spoofing attacks.

To simplify development, unencrypted connections from localhost are always accepted over HTTP.

Application bundles (meteor bundle) do not include an HTTPS server or certificate. A proxy server that terminates SSL in front of a Meteor bundle must set the standard x-forwarded-proto header for the force-ssl package to work.

Applications deployed to meteor.com subdomains with meteor deploy are automatically served via HTTPS using Meteor's certificate.