Connect/Express middleware to enforce https using is-https
Clone or download
Latest commit 8df60bb Oct 10, 2018

README.md

redirect-ssl

Connect/Express middleware to enforce https using is-https.

npm npm (scoped with tag)

Usage

Install package

yarn add redirect-ssl # or npm install redirect-ssl

Require and use middleware (Make sure adding it as the first in the chain)

const redirectSSL = require('redirect-ssl')

// Add middleware
app.use(redirectSSL)

// Or if want to provide options
app.use(redirectSSL.create({ redirectPort: 8443 }))

Options

xForwardedProto

  • Default: true

Trust and check x-forwarded-proto header for HTTPS detection.

redirect

  • Default: process.env.NODE_ENV === 'production'

Only enabled in production environment. Force redirecting locally by setting this option to true.

redirectPort

  • Default: 443

Redirect users to this port for HTTPS. (:443 is omitted from URL as is default for https:// schema)

redirectHost

  • Default: undefined

Redirects using this value as host, if omitted will use request host for redirects.

NOTE It should not contain schema or trailing slashes. (Example: google.com)

redirectUnknown

  • Default: true

Redirect when no SSL detection method is available too. disable this option if you encounter redirect loops.

Status Code

  • Default: 307 Temporary Redirect

Status code when redirecting. The reason of choosing 307 for default is:

  • It prevents changing method from POST TO GET by user agents. (If you don't care, use 302 Found)
  • Is temporary so if for any reason HTTPS disables on server clients won't hurt. (If you need permanent, use 308 Permanent Redirect or 301 Moved Permanently)
  • See This question, 307 on MDN, and RFC 7231 section 6.4.7 for more info.

exclude

  • Default: []

An array of routes patterns for which redirection should be disabled.

License

MIT - Nuxt.js