express-enforces-ssl
Advanced tools
Comparing version 0.1.0 to 0.2.0
12
index.js
"use strict"; | ||
var enforceHTTPS = function(trustProxy) { | ||
var enforceHTTPS = function() { | ||
return function(req, res, next) { | ||
@@ -11,4 +11,4 @@ | ||
// by a proxy), check if x-forward-proto is set to https | ||
if(!isHttps && trustProxy) { | ||
isHttps = (req.headers["x-forwarded-proto"] === "https"); | ||
if(!isHttps) { | ||
isHttps = (req.protocol === "https"); | ||
} | ||
@@ -19,6 +19,6 @@ | ||
} else { | ||
// Only redirect GET methods | ||
// Only redirect GET methods | ||
if(req.method === "GET") { | ||
res.redirect(301, "https://" + req.headers.host + req.originalUrl); | ||
} else { | ||
} else { | ||
res.send(403, "Please use HTTPS when submitting data to this server."); | ||
@@ -30,2 +30,2 @@ } | ||
exports.HTTPS = enforceHTTPS; | ||
exports.HTTPS = enforceHTTPS; |
{ | ||
"name": "express-enforces-ssl", | ||
"version": "0.1.0", | ||
"version": "0.2.0", | ||
"description": "Enforces SSL for node.js express projects", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -24,3 +24,3 @@ express-enforces-ssl | ||
// use HTTPS(true) in case you are behind a load balancer (e.g. Heroku) | ||
// use HTTPS() in case you are behind a load balancer (e.g. Heroku) | ||
app.use(express_enforces_ssl.HTTPS()); | ||
@@ -27,0 +27,0 @@ |
23
2510