From 9d6e17660dfb71e11fdf6eb86181ddb4aeec9992 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil@medhas.org>
Date: Sat, 22 Nov 2014 11:05:54 +0530
Subject: [PATCH] For SSL redirection, use 301 permanent

---
 data/etc/apache2/sites-available/plinth-ssl.conf | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/data/etc/apache2/sites-available/plinth-ssl.conf b/data/etc/apache2/sites-available/plinth-ssl.conf
index 267289dac..a7831936c 100644
--- a/data/etc/apache2/sites-available/plinth-ssl.conf
+++ b/data/etc/apache2/sites-available/plinth-ssl.conf
@@ -1,5 +1,8 @@
 ##
-## When enabled allows only SSL traffic onto Plinth
+## When enabled allows only SSL traffic onto Plinth.  This is done by
+## redirecting non-secure traffic to secure traffic.  The redirect is
+## permanent as recommended in:
+## http://tools.ietf.org/html/rfc6797#section-7
 ##
 ## Requires the following Apache modules to be enabled:
 ##   mod_rewrite
@@ -8,5 +11,5 @@
 <Location /plinth>
     RewriteEngine on
     ReWriteCond %{HTTPS} !=on
-    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
+    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 </Location>