Check the x-forwarded-proto header before redirecting to HTTPS (again)

joelpurra · Jul 1, 2015 · bcb0e9f · bcb0e9f
1 parent 083c515
commit bcb0e9f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/configuredHttpsRedirect.js b/lib/configuredHttpsRedirect.js
@@ -15,7 +15,7 @@ var configuration = require("configvention"),
 
     configuredHttpsRedirect = function() {
         var middleware = function(req, res, next) {
-            if (req.secure !== true && configuration.get("redirect-to-https") === true) {
+            if (req.headers["x-forwarded-proto"] !== "https" && configuration.get("redirect-to-https") === true) {
                 redirectRequestToHttps(req, res);
             } else {
                 next();