-- Hoogle documentation, generated by Haddock -- See Hoogle, http://www.haskell.org/hoogle/ -- | Enforce HTTPS in Wai server app safely. -- -- Wai middleware enforcing HTTPS protocol on any incoming request. In -- case of non-encrypted HTTP, traffic is redirected using 301 Permanent -- Redirect or optionally 307 Temporary Redirect. Middleware has -- compatibility modes for various reverse proxies (load balancers) and -- therefore can be used with Heroku, Google Cloud (Ingress), Azure or -- any other type of PAS or Cloud provider. @package wai-enforce-https @version 0.0.2 -- | Parsing and Serialization of Forwarded HTTP header values. module Network.HTTP.Forwarded -- | Representation of Forwarded header data All field are optional data Forwarded Forwarded :: Maybe ByteString -> Maybe ByteString -> Maybe ByteString -> Maybe (CI ByteString) -> Forwarded [forwardedBy] :: Forwarded -> Maybe ByteString [forwardedFor] :: Forwarded -> Maybe ByteString [forwardedHost] :: Forwarded -> Maybe ByteString [forwardedProto] :: Forwarded -> Maybe (CI ByteString) -- | Parse ByteString to Forwarded header Note that this function -- works with the values of the header only. Extraction of value from -- header depends what representation of headers you're using. -- -- In case of Wai you can extract headers as following: -- -- 
--   :set -XOverloadedStrings
--   import Network.Wai
--   import Network.HTTP.Forwarded
--   getForwarded req = parseForwarded <$> "forwarded" `lookup` requestHeaders req
--   :t getForwarded
--   getForwarded :: Request -> Maybe Forwarded
--
parseForwarded :: ByteString -> Forwarded -- | Serialize Forwarded data type back to ByteString -- representation. serializeForwarded :: Forwarded -> ByteString instance GHC.Show.Show Network.HTTP.Forwarded.Forwarded instance GHC.Classes.Eq Network.HTTP.Forwarded.Forwarded -- | Wai Middleware for enforcing encrypted HTTPS connection safely. -- -- This module is intended to be imported qualified -- -- 
--   import qualified Network.Wai.Middleware.EnforceHTTPS as EnforceHTTPS
--
-- --

Example Usage

-- -- Following is the most typical config. That is GCP, AWS and Heroku -- compatible setting using x-forwarded-proto header check and -- default configuration. -- -- 
--   {-# LANGUAGE OverloadedStrings #-}
--   
--   module Main where
--   
--   import           Network.HTTP.Types                  (status200)
--   import           Network.Wai                         (Application, responseLBS)
--   import           Network.Wai.Handler.Warp            (runEnv)
--   
--   import qualified Network.Wai.Middleware.EnforceHTTPS as EnforceHTTPS
--   
--   handler :: Application
--   handler _ respond = respond $
--       responseLBS status200 [] "Hello from behind proxy"
--   
--   app :: Application
--   app = EnforceHTTPS.withResolver EnforceHTTPS.xForwardedProto handler
--   
--   main :: IO ()
--   main = runEnv 8080 app
--
module Network.Wai.Middleware.EnforceHTTPS -- |

Configuration

-- -- EnforceHTTPSConfig does export constructor which should not -- collide with any other functions and therefore can be exposed in -- import -- -- 
--   import Network.Wai.Middleware.EnforceHTTPS (EnforceHTTPSConfig(..))
--
-- -- Default configuration is recommended but you're free to -- override any default value if you need to. -- -- Configuration of httpsIsSecure can be set using -- withResolver function which is preferred way for overwriting -- default Resolver. data EnforceHTTPSConfig EnforceHTTPSConfig :: !HTTPSResolver -> !Maybe ByteString -> !Int -> !Bool -> !Bool -> !Bool -> ![Method] -> !Status -> EnforceHTTPSConfig [httpsIsSecure] :: EnforceHTTPSConfig -> !HTTPSResolver [httpsHostname] :: EnforceHTTPSConfig -> !Maybe ByteString [httpsPort] :: EnforceHTTPSConfig -> !Int [httpsIgnoreURL] :: EnforceHTTPSConfig -> !Bool [httpsTemporary] :: EnforceHTTPSConfig -> !Bool [httpsSkipDefaultPort] :: EnforceHTTPSConfig -> !Bool [httpsRedirectMethods] :: EnforceHTTPSConfig -> ![Method] [httpsDisallowStatus] :: EnforceHTTPSConfig -> !Status -- | Default Configuration Default resolver is proxy to isSecure -- function -- -- defaultConfig :: EnforceHTTPSConfig -- | Middleware with default configuration. See -- defaultConfig for more details. def :: Middleware -- | Construct middleware with provided Resolver See `Provided -- Resolvers` section for more information. withResolver :: HTTPSResolver -> Middleware -- | Construct Middleware for specific EnforceHTTPSConfig withConfig :: EnforceHTTPSConfig -> Middleware -- | Resolvers are function used for testing if Request is made over secure -- HTTPS protocol. -- -- if True is returned from a Resolver function, request -- is considered to be secure. In case of False value, redirect -- logic is called. type HTTPSResolver = Request -> Bool -- | Resolver checking value of x-forwarded-proto HTTP header. -- This header is for instance used by Heroku or GCP Ingress among many -- others. -- -- Request is secure if value of header is https otherwise -- request is considered not being secure. xForwardedProto :: HTTPSResolver -- | Azure is proxying with additional `x-arr-ssl` header if original -- protocol is HTTPS. This resolver checks for the presence of this -- header. azure :: HTTPSResolver -- | Forwarded HTTP header is relatively new standard which should replaced -- all x-* adhoc headers by standardized one. This resolver is -- using proto=foo part of the header and check for equality -- with https value. -- -- More information can be found on MDN Complete implementation of -- Forwarded is located in Network.HTTP.Forwarded -- module forwarded :: HTTPSResolver -- | Some reverse proxies (Kong) are using values similar to -- x-forwarded-proto but are using different headers. This -- resolver allows you to specify name of header which should be used for -- the check. Like xForwardedProto, request is considered as being -- secure if value of header is https. customProtoHeader :: ByteString -> HTTPSResolver