The is-https npm package is a simple utility to check if a request is made over HTTPS. It is particularly useful in server-side applications where you need to ensure secure connections.
Check if request is HTTPS
This feature allows you to check if an incoming request is made over HTTPS. The code sample demonstrates a simple HTTP server that responds differently based on whether the request is HTTPS or not.
const isHttps = require('is-https');
const http = require('http');
const server = http.createServer((req, res) => {
if (isHttps(req)) {
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('Request is HTTPS');
} else {
res.writeHead(400, { 'Content-Type': 'text/plain' });
res.end('Request is not HTTPS');
}
});
server.listen(3000, () => {
console.log('Server running at http://localhost:3000/');
});Express is a minimal and flexible Node.js web application framework that provides a robust set of features for web and mobile applications. It includes middleware to check if a request is secure, similar to is-https, but offers a much broader range of functionalities.
Helmet helps you secure your Express apps by setting various HTTP headers. While it doesn't specifically check if a request is HTTPS, it can enforce HTTPS connections and provide additional security features.
Check if the given request is HTTPS
Install package:
yarn add is-https
# or
npm install is-https
const isHTTPS = require('is-https')
// or
import isHTTPS from 'is-https'
function isHTTPS(req: IncomingMessage, trustProxy: Boolean = true): Boolean | undefined
isHTTPS function tries to use 2 different methods for HTTPS detection:
x-forwarded-proto header contains https
trustProxy argument to falsereq.connection.encrypted is trueReturns either true or false based on checks or undefined if no check was reliable.
TIP: If you want to redirect users from http to https, it is better using isHTTPS(req) === false to avoid redirect loops.
MIT
FAQs
Check if the given request is HTTPS
The npm package is-https receives a total of 262,963 weekly downloads. As such, is-https popularity was classified as popular.
We found that is-https demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."