mirror of https://github.com/meteor/meteor.git synced 2026-05-02 03:01:46 -04:00

Files

David Glasser 43b4b30205 Release PLUGINS-PREVIEW@1

This included removing some internal version constraints. It would be
nice if package A could say "use B@2.0.0" (when both have changed), but
when they're both in the release, we need to make a release that has a
B@2.0.0-rc in it, which doesn't match that constraint. Fortunately,
constraints aren't necessary within a release anyway.

2015-07-22 23:19:11 -07:00

.gitignore

Add .gitignore to package directories to match linker branch.

2013-05-13 10:57:37 -07:00

force_ssl_common.js

Integrate force-ssl and absolute-url. Now when you add force-ssl, secure defaults to true in absolute-url.

2012-08-15 23:28:51 -07:00

force_ssl_server.js

Use Meteor.absoluteUrl() to redirect in force-ssl

2014-05-27 17:32:04 -07:00

package.js

Release PLUGINS-PREVIEW@1

2015-07-22 23:19:11 -07:00

README.md

move force-ssl writeup from docs.meteor.com to a README

2014-10-13 22:33:05 -07:00

README.md

force-ssl

This package, part of Webapp, causes Meteor to redirect insecure connections (HTTP) to a secure URL (HTTPS). Use this package to ensure that communication to the server is always encrypted to protect users from active spoofing attacks.

To simplify development, unencrypted connections from localhost are always accepted over HTTP.

Application bundles (meteor bundle) do not include an HTTPS server or certificate. A proxy server that terminates SSL in front of a Meteor bundle must set the standard x-forwarded-proto header for the force-ssl package to work.

Applications deployed to meteor.com subdomains with meteor deploy are automatically served via HTTPS using Meteor's certificate.