Merge pull request #875 from craigspaeth/force-ssl-order

Move SSL + WWW middleware up
artsy · Feb 16, 2017 · 17706ca · 17706ca
2 parents 7cb2311 + 7b13985
commit 17706ca
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/lib/setup.coffee b/lib/setup.coffee
@@ -67,9 +67,10 @@ downcase = require './middleware/downcase'
 ipfilter = require('express-ipfilter').IpFilter
 
 module.exports = (app) ->
+  # Blacklist IPs
   app.use ipfilter([IP_BLACKLIST.split(',')], log: false, mode: 'deny')
 
-  # rate limited
+  # Rate limited
   if OPENREDIS_URL
     limiter = require('express-limiter')(app, cache.client)
     limiter
@@ -82,8 +83,14 @@ module.exports = (app) ->
         console.log 'Rate limit exceeded for', req.headers['x-forwarded-for']
         next()
 
+  # Blank page apparently used by Eigen?
   app.use require '../apps/blank'
 
+  # Make sure we're on https://www
+  app.use ensureWWW
+  app.use ensureSSL
+  app.use hstsMiddleware
+
   # Increase max sockets. The goal of this is to improve app -> api
   # performance but the downside is it limits client connection reuse with keep-alive
   if typeof MAX_SOCKETS == 'number' and MAX_SOCKETS > 0
@@ -172,8 +179,6 @@ module.exports = (app) ->
   app.use downcase
   app.use hardcodedRedirects
   app.use redirectMobile
-  app.use ensureSSL
-  app.use ensureWWW
 
   # General helpers and express middleware
   app.use bucketAssets()
@@ -182,7 +187,6 @@ module.exports = (app) ->
   app.use localsMiddleware
   app.use artsyError.helpers
   app.use sameOriginMiddleware
-  app.use hstsMiddleware
   app.use escapedFragmentMiddleware
   app.use logger LOGGER_FORMAT
   app.use unsupportedBrowserCheck