Updated README

README.md

@@ -69,7 +69,7 @@ wssh --log-file-prefix=main.log
 wssh --help
 ```
 
-### Use console
+### Browser console
 
 ```javascript
 // connect to your ssh server
@@ -140,5 +140,5 @@ wssh --port=8080 --sslport=4433 --certfile='cert.crt' --keyfile='cert.key' --xhe
 ## Tips
 
 * For whatever deployment choice you choose, don't forget to enable SSL.
-* If you choose running this app as a standalone server, redirecting http to https is enabled by default, and only http requests from a public network will be redirected.
+* By default plain http requests from a public network will be either redirected or blocked and being redirected takes precedence over being blocked.
 * Try to use reject policy as the missing host key policy along with your verified known_hosts, this will prevent man-in-the-middle attacks. The idea is that it checks the system host keys file("~/.ssh/known_hosts") and the application host keys file("./known_hosts") in order, if the ssh server's hostname is not found or the key is not matched, the connection will be aborted.

README.rst

@@ -73,8 +73,8 @@ Server options
     # more options
     wssh --help
 
-Use console
-~~~~~~~~~~~
+Browser console
+~~~~~~~~~~~~~~~
 
 .. code:: javascript
 
@@ -152,9 +152,9 @@ Tips
 
 -  For whatever deployment choice you choose, don't forget to enable
    SSL.
--  If you choose running this app as a standalone server, redirecting
-   http to https is enabled by default, and only http requests from a
-   public network will be redirected.
+-  By default plain http requests from a public network will be either
+   redirected or blocked and being redirected takes precedence over
+   being blocked.
 -  Try to use reject policy as the missing host key policy along with
    your verified known\_hosts, this will prevent man-in-the-middle
    attacks. The idea is that it checks the system host keys