README.md

@@ -1,12 +1,9 @@
 # redirect-https.js
 
-Secure-by-default redirects from HTTP to HTTPS.
+Redirect from HTTP to HTTPS.
 
-* Browsers get a 301 + Location redirect
+Makes for a seemless experience to end users in browsers (defaults to `301 Permanent + Location` redirect)
-* Only developers, bots, and APIs see security warning (advising to use HTTPS)
+and tightens security for apis and bots, without adversely affecting strange browsers (fallback to `meta` redirect).
-* Always uses meta redirect as a fallback, for everyone
-* '/' always gets a 301 (for `curl | bash` installers)
-* minimally configurable, don't get fancy
 
 See <https://coolaj86.com/articles/secure-your-redirects/>
 
@@ -31,7 +28,7 @@ module.exports = app;
 
 ## Options
 
-```js
+```
 { port: 443           // defaults to 443
 , body: ''            // defaults to an html comment to use https
 , trustProxy: true    // useful if you haven't set this option in express
@@ -45,25 +42,6 @@ module.exports = app;
 * If you use `{{URL}}` in the body text it will be replaced with a URI encoded and HTML escaped url (it'll look just like it is)
 * If you use `{{HTML_URL}}` in the body text it will be replaced with a URI decoded and HTML escaped url (it'll look just like it would in Chrome's URL bar)
 
-## Advanced Options
-
-For the sake of `curl | bash` installers and the like there is also the option to cause bots and apis (i.e. curl)
-to get a certain redirect for an exact path match:
-
-```js
-{ paths: [
-    { match: '/'
-    , redirect: 301
-    }
-  , { match: /^\/$/
-    , redirect: 301
-    }
-  ]
-}
-```
-
-If you're using this, you're probably getting too fancy (but hey, I get too fancy sometimes too).
-
 ## Demo
 
 ```javascript

index.js

@@ -15,9 +15,6 @@ module.exports = function (opts) {
   if (!opts.apis) {
     opts.apis = 'meta';
   }
-  if (!Array.isArray(opts.paths)) {
-    opts.paths = [ { match: '/' } ];
-  }
   if (!('body' in opts)) {
     opts.body = "<!-- Hello Developer Person! We don't serve insecure resources around here."
       + "\n    Please use HTTPS instead. -->";
@@ -71,21 +68,7 @@ module.exports = function (opts) {
       + '<body>\n' + body + '\n</body>\n'
       + '</html>\n'
       ;
-    var pathMatch;
 
-    opts.paths.some(function (p) {
-      if (!p.match) {
-        // ignore
-      } else if ('string' === typeof p.match) {
-        pathMatch = (url === p.match) && (p.redirect || 301);
-      } else {
-        pathMatch = p.match.test && p.match.test(url) && (p.redirect || 301);
-      }
-      if (pathMatch) {
-        redirect = pathMatch;
-      }
-      return pathMatch;
-    });
     // If it's not a non-0 number (because null is 0) then 'meta' is assumed.
     if (redirect && isFinite(redirect)) {
       res.statusCode = redirect;

package.json

@@ -1,6 +1,6 @@
 {
   "name": "redirect-https",
-  "version": "1.3.0",
+  "version": "1.2.0",
   "description": "Redirect from HTTP to HTTPS using meta redirects",
   "main": "index.js",
   "scripts": {