Add HTTP redirect options
Add some convenience settings to enable HSTS and/or redirect HTTP traffic to HTTPS.
enable HSTS header
Set max age
Set include subdomain
This could be done via a server rule, but it would be nice to have a structure in the server.json to control it
HSTS can be enabled manually right now with this server rule
You can also force a redirect from HTTP to HTTPS with this rule:
The “done” handler means no further predicates will be run. The HTTPS redirect rule should probably be appended to the START of the rules array so it overrides any custom rules. Note this is different than the other rules CommandBox auto-adds. The other rules are designed to be override-able, but I don’t think this one should be.
test 1 ssl disabled
test 2 ssl enabled
test 3 force ssl redirect
test 4 hsts enabled
test 5 hsts enabled without maxAge
test 6 hsts enabled and include sub domains