New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
redirect-ssl
Advanced tools
redirect-ssl - npm Package Compare versions
Comparing version 0.1.0 to 1.0.0
31
index.js
@@ -0,36 +1,19 @@ | ||
| const isHTTPS = require('is-https') | ||
| // Default options | ||
| const defaults = { | ||
| xForwardedProto: true, | ||
| redirectPort: 443, | ||
| redirectHost: undefined, | ||
| statusCode: 307 | ||
| xForwardedProto: true, | ||
| redirectPort: 443, | ||
| redirectHost: undefined, | ||
| statusCode: 307 | ||
| } | ||
| function isEmpty(v) { | ||
| return v === undefined || v === null | ||
| } | ||
| // Creates new middleware using provided options | ||
| function create(options) { | ||
| const { xForwardedProto, redirectPort, redirectHost, statusCode } = Object.assign({}, defaults, options) | ||
| const _port = redirectPort === 443 ? '' : (': ' + redirectPort) | ||
| return function redirectSSL(req, res, next) { | ||
| // Test using req.connection.encrypted | ||
| const _encrypted = isEmpty(req.connection.encrypted) ? null : req.connection.encrypted === true | ||
| // Test using req.protocol | ||
| const _httpsProtocol = isEmpty(req.protocol) ? null : req.protocol === 'https' | ||
| // Test using x-forwarded-proto header | ||
| const _httpsXforwarded = (!xForwardedProto || isEmpty(req.headers['x-forwarded-proto'])) ? null | ||
| : req.headers['x-forwarded-proto'].indexOf('https') !== -1 | ||
| const _noDetectionMethod = _encrypted === null && _httpsProtocol === null && _httpsXforwarded === null | ||
| if (_encrypted || _httpsProtocol || _httpsXforwarded || _noDetectionMethod) { | ||
| return next() | ||
| if (isHTTPS(req, xForwardedProto) !== false) { | ||
| return next() | ||
| } | ||
@@ -37,0 +20,0 @@ |
| { | ||
| "name": "redirect-ssl", | ||
| "version": "0.1.0", | ||
| "version": "1.0.0", | ||
| "description": "Connect middleware to enforce https", | ||
@@ -12,3 +12,6 @@ "main": "index.js", | ||
| "pem": "^1.9.7" | ||
| }, | ||
| "dependencies": { | ||
| "is-https": "^1.0.0" | ||
| } | ||
| } |
| # redirect-ssl | ||
| > Connect/Express middleware to enforce https. | ||
| > Connect/Express middleware to enforce https using [is-https](https://www.npmjs.com/package/is-https). | ||
@@ -7,10 +7,2 @@ [](https://npmjs.com/package/redirect-ssl) | ||
| ## Behaviour | ||
| This middleware tries to use 3 standard checks for HTTPS detection: | ||
| - Test if `req.connection.encrypted` is `true` | ||
| - Test if `req.protocol` is `https` | ||
| - Test if `x-forwarded-proto` header contains `https` | ||
| If all tests are unavailable, middleware just continues to avoid redirect loops. | ||
| If any test fails, middleware ends reponse with a [307](#status-code) redirect to `https://[host][:port?][url]`. | ||
| ## Usage | ||
@@ -17,0 +9,0 @@ Install package |
Sorry, the diff of this file is not supported yet
Fixed alerts
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by40.36%
12137
- Number of package files
- increased by14.29%
8
- Number of low quality alerts
- decreased by-50%
1
Worsened metrics
- Dependency count
- increased byInfinity%
1
- Lines of code
- decreased by-20.41%
39
- Number of lines in readme file
- decreased by-13.33%
52
Dependency changes
+ Addedis-https@^1.0.0
+ Addedis-https@1.0.0(transitive)