File: //usr/local/rvm/gems/ruby-2.5.9/doc/actionpack-6.1.4.1/ri/ActionDispatch/SSL/cdesc-SSL.ri
��U:�RDoc::NormalClass[�i�I"�SSL�:�ETI"�ActionDispatch::SSL�;�TI"�Object�;�To:�RDoc::Markup::Document�:�@parts[�o;��;�[�o:�RDoc::Markup::Paragraph�;�[�I"`This middleware is added to the stack when <tt>config.force_ssl = true</tt>, and is passed �;�TI"Xthe options set in +config.ssl_options+. It does three jobs to enforce secure HTTP �;�TI"�requests:�;�To:�RDoc::Markup::BlankLine�o:�RDoc::Markup::List�:
@type:�NUMBER:�@items[�o:�RDoc::Markup::ListItem�:�@label0;�[�o; �;�[
I"Q<b>TLS redirect</b>: Permanently redirects +http://+ requests to +https://+ �;�TI"Uwith the same URL host, path, etc. Enabled by default. Set +config.ssl_options+ �;�TI"#to modify the destination URL �;�TI"R(e.g. <tt>redirect: { host: "secure.widgets.com", port: 8080 }</tt>), or set �;�TI"6<tt>redirect: false</tt> to disable this feature.�;�T@�o; �;�[�I"8Requests can opt-out of redirection with +exclude+:�;�T@�o:�RDoc::Markup::Verbatim�;�[�I"gconfig.ssl_options = { redirect: { exclude: -> request { /healthcheck/.match?(request.path) } } }
�;�T:�@format0o; �;�[�I"ACookies will not be flagged as secure for excluded requests.�;�T@�o;��;�0;�[�o; �;�[�I"T<b>Secure cookies</b>: Sets the +secure+ flag on cookies to tell browsers they �;�TI"Mmust not be sent along with +http://+ requests. Enabled by default. Set �;�TI"V+config.ssl_options+ with <tt>secure_cookies: false</tt> to disable this feature.�;�T@�o;��;�0;�[�o; �;�[�I"Q<b>HTTP Strict Transport Security (HSTS)</b>: Tells the browser to remember �;�TI"Hthis site as TLS-only and automatically redirect non-TLS requests. �;�TI"]Enabled by default. Configure +config.ssl_options+ with <tt>hsts: false</tt> to disable.�;�T@�o; �;�[�I"LSet +config.ssl_options+ with <tt>hsts: { ... }</tt> to configure HSTS:�;�T@�o;��;�:�BULLET;�[�o;��;�0;�[�o; �;�[�I"M+expires+: How long, in seconds, these settings will stick. The minimum �;�TI"Jrequired to qualify for browser preload lists is 1 year. Defaults to �;�TI"�2 years (recommended).�;�T@�o;��;�0;�[�o; �;�[�I"M+subdomains+: Set to +true+ to tell the browser to apply these settings �;�TI"Jto all subdomains. This protects your cookies from interception by a �;�TI"8vulnerable site on a subdomain. Defaults to +true+.�;�T@�o;��;�0;�[�o; �;�[�I"F+preload+: Advertise that this site may be included in browsers' �;�TI"Ppreloaded HSTS lists. HSTS protects your site on every visit <i>except the �;�TI"Nfirst visit</i> since it hasn't seen your HSTS header yet. To close this �;�TI"Igap, browser vendors include a baked-in list of HSTS-enabled sites. �;�TI"FGo to https://hstspreload.org to submit your site for inclusion. �;�TI"�Defaults to +false+.�;�T@�o; �;�[ I"UTo turn off HSTS, omitting the header is not enough. Browsers will remember the �;�TI"[original HSTS directive until it expires. Instead, use the header to tell browsers to �;�TI"Mexpire HSTS immediately. Setting <tt>hsts: false</tt> is a shortcut for �;�TI"#<tt>hsts: { expires: 0 }</tt>.�;�T:
@fileI"*lib/action_dispatch/middleware/ssl.rb�;�T:0@omit_headings_from_table_of_contents_below0;�0;�0[�[�[�[�[�I"
class�;�T[�[�:�public[�[�:�protected[�[�:�private[�[�I"
instance�;�T[�[�;�[�[�;�[�[�;�[�[�[�U:�RDoc::Context::Section[�i�0o;��;�[�;�0;�0[�@YI"�ActionDispatch�;�Tc�RDoc::NormalModule