Heroku SSL error #29
Comments
Hey @jwelton sorry I missed this notification come in. I haven't seen this one before but admittedly am not familiar with Heroku deployment. Do you mind posting your relevant config (i.e. anything that has to do with the library) and I'll do some poking around?
Thanks for the reply @battlejj. I think I may have found the problem. I've actually found a good blog post about the issue. To quote the blog:
It's not all bad news. They have actually posted a solution to the problem. Turns out that Heroku do pass something onto us we can use (again I'm quoting the blog below)!
I can confirm that I've tested this method and it does indeed work. For completeness, this is the code I used during testing:

```js
// Redirect any request that was not forwarded with x-forwarded-proto: https
app.use('*', function (req, res, next) {
  if (req.headers['x-forwarded-proto'] !== 'https') {
    return res.redirect(['https://', req.get('Host'), req.url].join(''));
  }
  next();
});
```

I wonder if there is a way to build in a check for the Heroku header into this library? Here is a link to the blog post I have quoted above:
Happy to help. The library actually does support the `x-forwarded-proto` header. By default the support is disabled since it is possible to spoof this header. To enable this the `trustXFPHeader` option needs to be set to `true` in your config. Check out the README for a quick example. Let me know if you still have problems after enabling the feature.
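The trade-off described in this thread, as an added example that is not part of the original comments and not the express-force-ssl source: a model of the scheme check behind a TLS-terminating proxy, showing the redirect loop when the header is ignored and the spoofing exposure when it is trusted. Only `trustXFPHeader` comes from the thread; `canonicalHost`, the `encrypted` flag and the request objects are assumptions constructed for illustration.

```javascript
// Added example (not the library's code). `canonicalHost` and the request
// objects are hypothetical; `trustXFPHeader` is the option named in the thread.

function isSecure(req, opts) {
  // TLS terminated by the Node process itself.
  if (req.encrypted) return true;
  // Behind a proxy the socket is plain HTTP and only the header records the
  // original scheme. Any client can send that header, so trusting it is opt-in.
  if (!opts.trustXFPHeader) return false;
  const xfp = String(req.headers['x-forwarded-proto'] || '').trim().toLowerCase();
  return xfp === 'https';
}

function decide(req, opts) {
  if (isSecure(req, opts)) return { action: 'next' };
  // Prefer a configured host over the client-supplied Host header so the
  // redirect target cannot be steered to another domain.
  const host = opts.canonicalHost || req.headers.host;
  return { action: 'redirect', location: 'https://' + host + req.url };
}

// Constructed request: browser used HTTPS, proxy forwarded it as plain HTTP.
const viaProxyHttps = { encrypted: false, url: '/login',
  headers: { host: 'app.example.com', 'x-forwarded-proto': 'https' } };
// Constructed request: plain HTTP straight to the app with a forged header.
const directSpoofed = { encrypted: false, url: '/login',
  headers: { host: 'other.example', 'x-forwarded-proto': 'https' } };

// Follow redirects as a browser would: each hop arrives as viaProxyHttps again.
function hopsThroughProxy(opts, maxHops) {
  let hops = 0;
  while (hops < maxHops && decide(viaProxyHttps, opts).action === 'redirect') hops++;
  return hops;
}

console.log(hopsThroughProxy({ trustXFPHeader: false }, 20)); // 20: browser gives up
console.log(hopsThroughProxy({ trustXFPHeader: true }, 20));  // 0: request passes
console.log(decide(directSpoofed, { trustXFPHeader: true }).action); // next
```

Trusting the header is only sound when the app is reachable solely through the proxy; if clients can reach it directly, a forged header is accepted as shown by the last call.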
I'm not sure if I've misunderstood something, but for some reason `express-force-ssl` is not recognizing Heroku's SSL connections. If I set `enable301Redirects` to `false` and access through either `http` or `https`, then I can see the error message. With this set to `true`, Google Chrome gives me an error in Chrome saying too many redirects were attempted. It's important to note here that Google Chrome does say that the connection is private and successful. I've included the connection details below.
Any ideas?