mirror of https://github.com/meteor/meteor.git synced 2026-05-02 03:01:46 -04:00

Files

Ben Newman 4f5cb1d7a0 Bump package versions for 1.3-beta.16 release.

What happened to beta.13, beta.14, and beta.15? All unfortunately suffered
from problems that made it either impossible or unwise to upgrade to those
versions.

2016-03-09 12:13:18 -05:00

.gitignore

Add .gitignore to package directories to match linker branch.

2013-05-13 10:57:37 -07:00

force_ssl_common.js

Integrate force-ssl and absolute-url. Now when you add force-ssl, secure defaults to true in absolute-url.

2012-08-15 23:28:51 -07:00

force_ssl_server.js

Add Access-Control-Allow-Origin header to force-ssl redirect

2016-02-16 19:57:59 +01:00

package.js

Bump package versions for 1.3-beta.16 release.

2016-03-09 12:13:18 -05:00

README.md

move force-ssl writeup from docs.meteor.com to a README

2014-10-13 22:33:05 -07:00

README.md

force-ssl

This package, part of Webapp, causes Meteor to redirect insecure connections (HTTP) to a secure URL (HTTPS). Use this package to ensure that communication to the server is always encrypted to protect users from active spoofing attacks.

To simplify development, unencrypted connections from localhost are always accepted over HTTP.

Application bundles (meteor bundle) do not include an HTTPS server or certificate. A proxy server that terminates SSL in front of a Meteor bundle must set the standard x-forwarded-proto header for the force-ssl package to work.

Applications deployed to meteor.com subdomains with meteor deploy are automatically served via HTTPS using Meteor's certificate.