Made suggested improvements, allow more parameters to be set via

config, added to documentation.

README.rst

@@ -47,6 +47,9 @@ If you'd like to include subdomains in your HSTS policy, set the ``subdomains``
     sslify = SSLify(app, subdomains=True)
 
 
+Or by including SSL_SUBDOMAINS in your app's config.
+
+
 HTTP 301 Redirects
 ------------------
 
@@ -55,15 +58,24 @@ by passing the ``permanent`` parameter::
 
     sslify = SSLify(app, permanent=True)
 
+Or by including SSL_PERMANENT in your app's config.
+
 
 Exclude Certain Paths from Being Redirected
 -------------------------------------------
- You can exlude a path that starts with given string by including a list called ``skips``::
+You can exlude a path that starts with given string by including a list called ``skips``::
  
      sslify = SSLify(app, skips=['mypath', 'anotherpath'])
 
 Or by including SSL_SKIPS in your app's config.
 
+
+Turn-off Redirects Completely 
+------------------------------
+Flask-SSLify won't run if DEBUG is True, but you can also turn-off redirects completely by setting 
+SSL_NO_REDIRECTS in your app's config which might be useful for things like testing, etc.
+
+
 Install
 -------
 

flask_sslify.py

@@ -9,12 +9,12 @@ class SSLify(object):
     """Secures your Flask App."""
 
     def __init__(self, app, age=YEAR_IN_SECS, subdomains=False, permanent=False, skips=None):
-        if app is not None:
+        if app is not None and not app.config.get('SSL_NO_REDIRECTS'):
             self.app = app
             self.hsts_age = age
-            self.hsts_include_subdomains = subdomains
-            self.permanent = permanent
-            self.skip_list = skips or app.config['SSL_SKIPS']
+            self.hsts_include_subdomains = subdomains or app.config.get('SSL_SUBDOMAINS')
+            self.permanent = permanent or app.config.get('SSL_PERMANENT')
+            self.skip_list = skips or app.config.get('SSL_SKIPS')
             self.init_app(self.app)
         else:
             self.app = None
@@ -35,10 +35,13 @@ class SSLify(object):
         return hsts_policy
 
     @property
-    def skipping(self):
+    def skip(self):
         """Checks the skip list."""
         # Should we skip?
-        if self.skip_list:
+        if self.skip_list: 
+            if isinstance(self.skip_list, basestring):
+                if request.path.startswith('/' + skip):
+                    return True
             for skip in self.skip_list:
                 if request.path.startswith('/' + skip):
                     return True
@@ -52,7 +55,7 @@ class SSLify(object):
             request.headers.get('X-Forwarded-Proto', 'http') == 'https'
         ]
 
-        if not any(criteria) and not self.skipping is True:
+        if not any(criteria) and not self.skip is True:
             if request.url.startswith('http://'):
                 url = request.url.replace('http://', 'https://', 1)
                 code = 302
@@ -64,6 +67,6 @@ class SSLify(object):
     def set_hsts_header(self, response):
         """Adds HSTS header to each response."""
         # Should we add STS header?
-        if request.is_secure and not self.skipping is True:
+        if request.is_secure and not self.skip:
             response.headers.setdefault('Strict-Transport-Security', self.hsts_header)
         return response