Heroku SSL error #29
Comments
|
Hey @jwelton sorry I missed this notification come in. I haven't seen this one before but admittedly am not familiar with Heroku deployment. Do you mind posting your relevant config (i.e. anything that has to do with the library) and I'll do some poking around? |
|
Thanks for the reply @battlejj. I think I may of found the problem. I've actually found a good blog post about the issue. To quote the blog:
It's not all bad news. They have actually posted a solution to the problem. Turns out that Heroku do pass something onto us we can use (again I'm quoting the blog below)!
I can confirm that I've tested this method and it does indeed work. For completeness, this is the code I used during testing: app.use('*',function(req,res,next){
if(req.headers['x-forwarded-proto']!='https')
return res.redirect(['https://', req.get('Host'), req.url].join(''));
else
next()
})I wonder if there is a way to build in a check for the Heroku header into this library? Here is a link to the blog post I have quoted above: |
|
Happy to help. The library actually does support the x-forwarded-proto header. By default the support is disabled since it is possible to spoof this header. To enable this the trustXFPHeader option needs to be set to true in your config. Check out the README for a quick example. Let me know if you still have problems after enabling the feature. |
I'm not sure if I've misunderstood something, but for some reason
express-force-sslis not recognizing Heroku's SSL connections. If I setenable301Redirectstofalseand access through eitherhttporhttps, then I can the error message. This this totrueGoogle Chrome gives me an error in chrome saying too many redirects were attempted.Its important to note here that Google Chrome does say that the connection is private and successful. I've included the connection details below.
Any ideas?
The text was updated successfully, but these errors were encountered: