redirect-ssl
Connect/Express middleware to enforce https
Last updated 8 months ago by pi0 .
MIT · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install redirect-ssl 
SYNC missed versions from official npm registry.

redirect-ssl

Connect/Express middleware to enforce https using is-https.

version downloads ci

Usage

Install package:

yarn add redirect-ssl
# or
npm install redirect-ssl

Require and use redirect-ssl. Make sure to use this middlware as the first in your middleware chain (if using express see middleware chain:

import redirectSSL from 'redirect-ssl'
// or
const redirectSSL = require('redirect-ssl')

// Add middleware
app.use(redirectSSL)

// Using custom options
app.use(redirectSSL.create({ redirectPort: 8443 }))

Disable for non-production or localhost

If you want to disable on localhost, use the exclude option:

app.use(redirectSSL.create({
   exclude: ['localhost']
}))

Only enable in production environments:

app.use(redirectSSL.create({
  enabled: process.env.NODE_ENV === 'production'
}))

Options

trustProxy

  • Default: true

Trust and check x-forwarded-proto header for HTTPS detection.

enabled

  • Default: true

redirectPort

  • Default: 443

Redirect users to this port for HTTPS. (:443 is omitted from URL as is default for https:// schema)

redirectHost

  • Default: req.headers.host

Redirects using this value as host, if omitted will use request host for redirects.

NOTE It should not contain schema or trailing slashes. (Example: google.com)

redirectUnknown

  • Default: true

Redirect when no SSL detection method is available too. disable this option if you encounter redirect loops.

statusCode

  • Default: 307 Temporary Redirect

Status code when redirecting. The reason of choosing 307 for default is:

  • It prevents changing method from POST TO GET by user agents. (If you don't care, use 302 Found)
  • Is temporary so if for any reason HTTPS disables on server clients won't hurt. (If you need permanent, use 308 Permanent Redirect or 301 Moved Permanently)
  • See This question, 307 on MDN, and RFC 7231 section 6.4.7 for more info.

exclude

  • Default: []

An array of routes patterns for which redirection should be disabled.

Using with Nuxt.js

Add the redirect-ssl to the serverMiddleware array within in the nuxt.config.js file is the preferred usage:

import redirectSSL from 'redirectSSL'

export default {
  serverMiddleware: [
    redirectSSL.create({
      enabled: process.env.NODE_ENV === 'production'
     }),
  ]
}

You will still need to install this package within your project for it work.

License

MIT. Made with ????

Current Tags

  • 2.0.0                                ...           latest (8 months ago)

11 Versions

  • 2.0.0                                ...           8 months ago
  • 1.4.1                                ...           a year ago
  • 1.4.0                                ...           2 years ago
  • 1.3.0                                ...           3 years ago
  • 1.2.1                                ...           3 years ago
  • 1.2.0                                ...           3 years ago
  • 1.1.0                                ...           3 years ago
  • 1.0.0                                ...           3 years ago
  • 0.1.0                                ...           3 years ago
  • 0.0.2                                ...           4 years ago
  • 0.0.1                                ...           4 years ago
Maintainers (1)
Downloads
Today 0
This Week 0
This Month 5
Last Day 0
Last Week 0
Last Month 4
Dependencies (1)
Dev Dependencies (12)
Dependents (2)

Copyright 2014 - 2016 © taobao.org |