wolf4earth
Most Liked
AstonJ
Great post Sascha, I am sure it will help a lot of people!
I don’t have a Phoenix app in production yet but for anyone using HAProxy, these lines on the frontend may also be of help:
reqadd X-Forwarded-Proto:\ https if { ssl_fc }
redirect scheme https if ssl_redirect_hosts !{ ssl_fc }
redirect scheme https code 301 if !{ ssl_fc }
In conjunction with configuring plug to handle X-Forwarded-* headers as per Sascha’s post.
Exadra37
exclude some requests from the redirect (and as such the HSTS header)
From the moment you set the HSTS header the browser will honor it for any endpoint not just for the one from where you sent it in a response.
The HTTP Strict Transport Security header informs the browser that it should never load a site using HTTP and should automatically convert all attempts to access the site using HTTP to HTTPS requests instead.
Or am I misunderstanding your proposal?
Popular Backend topics
Other popular topics
Sponsor Spotlight
Real-time error tracking, performance insights, and observability for devs.
Latest in Elixir
Categories:
Sub Categories:
Popular Portals
- /elixir
- /rust
- /ruby
- /wasm
- /erlang
- /phoenix
- /keyboards
- /rails
- /js
- /python
- /security
- /go
- /swift
- /vim
- /clojure
- /emacs
- /haskell
- /java
- /onivim
- /svelte
- /typescript
- /crystal
- /c-plus-plus
- /kotlin
- /tailwind
- /gleam
- /ocaml
- /react
- /elm
- /flutter
- /vscode
- /ash
- /opensuse
- /centos
- /php
- /deepseek
- /html
- /scala
- /zig
- /textmate
- /sublime-text
- /debian
- /nixos
- /lisp
- /agda
- /react-native
- /kubuntu
- /arch-linux
- /ubuntu
- /revery
- /django
- /manjaro
- /spring
- /diversity
- /nodejs
- /lua
- /julia
- /c
- /slackware
- /markdown
Devtalk Sponsors
Practical resources that improve the lives of professional developers.
We build trusted fault-tolerant systems that scale to billions of users.
Real-time error tracking, performance insights, and observability for devs.
Develop your skills with books, videos, and courses.
Catch errors, track performance, monitor hosts and more.
Enabling companies to succeed by building software people love.
Courses that'll move you from confusion to "Aha, now I get it!"