redirect-ssl

redirect-ssl

Connect/Express middleware to enforce https using is-https.

Usage

Install package:

yarn add redirect-ssl
# or
npm install redirect-ssl

Require and use redirect-ssl. Make sure to use this middlware as the first in your middleware chain (if using express see middleware chain:

import redirectSSL from 'redirect-ssl'
// or
const redirectSSL = require('redirect-ssl')

// Add middleware
app.use(redirectSSL)

// Using custom options
app.use(redirectSSL.create({ redirectPort: 8443 }))

Disable for non-production or localhost

If you want to disable on localhost, use the exclude option:

app.use(redirectSSL.create({
   exclude: ['localhost']
}))

Only enable in production environments:

app.use(redirectSSL.create({
  enabled: process.env.NODE_ENV === 'production'
}))

Options

trustProxy

• Default: true

Trust and check x-forwarded-proto header for HTTPS detection.

enabled

• Default: true

redirectPort

• Default: 443

Redirect users to this port for HTTPS. (:443 is omitted from URL as is default for https:// schema)

redirectHost

• Default: req.headers.host

Redirects using this value as host, if omitted will use request host for redirects.

NOTE It should not contain schema or trailing slashes. (Example: google.com)

redirectUnknown

• Default: true

Redirect when no SSL detection method is available too. disable this option if you encounter redirect loops.

statusCode

• Default: 307 Temporary Redirect

Status code when redirecting. The reason of choosing 307 for default is:

• It prevents changing method from POST TO GET by user agents. (If you don't care, use 302 Found)
• Is temporary so if for any reason HTTPS disables on server clients won't hurt. (If you need permanent, use 308 Permanent Redirect or 301 Moved Permanently)
• See This question, 307 on MDN, and RFC 7231 section 6.4.7 for more info.

exclude

• Default: []

An array of routes patterns for which redirection should be disabled.

Using with Nuxt.js

Add the redirect-ssl to the serverMiddleware array within in the nuxt.config.js file is the preferred usage:

import redirectSSL from 'redirectSSL'

export default {
  serverMiddleware: [
    redirectSSL.create({
      enabled: process.env.NODE_ENV === 'production'
     }),
  ]
}

You will still need to install this package within your project for it work.

License

MIT. Made with 💖

Changelog

2.0.0 (2020-05-31)

⚠ BREAKING CHANGES

• xForwardedProto renamed to trustProxy
• redirect changed to enabled and default value is always true (see example in docs)
• there might be behaviour changes for express-like frameworks

Features

• enabled option (f06e398)
• improve redirectHost type (88cafc0)
• rewrite to typescript (d8460a7)
• trustProxy option (1c8cb3d)
• write redirectURL to response too (763165b)

Bug Fixes

• fix types and redirectURL with non standard port (e728797)

fat

• update is-https to 2.x (d4267e7)

<a name="1.4.1"></a>