* As per spec, don't include STS header in non-https responses
* Handle bad URIs gracefully.
Some adapters (i.e. jruby-rack) will pass through bad URIs, then display
the resulting exception. This creates an attack vector for XSS attacks.
* Added more installation/usage instructions into the README
* Return 400 instead of 404 in case of InvalidURIError
* Include Content-Type in 400 response.
To stay compatible with old Rack versions.
* Skip URI parsing Request#url
URI may fail to parse some legit URL paths.
Rack::SSL
=========
Force SSL/TLS in your app.
1. Redirects all "http" requests to "https"
2. Set `Strict-Transport-Security` header
3. Flag all cookies as "secure"
