NAME

PAGI::Middleware::HTTPSRedirect - Force HTTPS redirect middleware

SYNOPSIS

use PAGI::Middleware::Builder;

my $app = builder {
    enable 'HTTPSRedirect';
    $my_app;
};

DESCRIPTION

PAGI::Middleware::HTTPSRedirect redirects HTTP requests to HTTPS. Useful for enforcing secure connections in production.

CONFIGURATION

• redirect_code (default: 301)

  HTTP status code for redirects. Use 302 for temporary redirects.

• exclude (optional)

  Arrayref of paths to exclude from redirect (e.g., health checks).

• hsts (default: 0)

  If true, add Strict-Transport-Security header.

• hsts_max_age (default: 31536000)

  HSTS max-age in seconds (1 year default).

NOTES

This middleware checks $scope->{scheme} to determine if the request is already using HTTPS. Make sure your server sets this correctly, especially when behind a reverse proxy (use ReverseProxy middleware).

SEE ALSO

PAGI::Middleware - Base class for middleware

PAGI::Middleware::ReverseProxy - Handle X-Forwarded headers