force-https
An Express module. Redirect or block requests made over external plain HTTP.
Probably won't work if you are using non standard ports on the public facing domain/interface
API
app.use(require('force-https'))
Make sure to put it before any other middleware, especially app.router!
GET requests are redirected to their HTTPS equivalents
All other verbs receive an HTTP 409 with an error message, as HTTP states that one shouldn't redirect non GET requests
Proxies
If you're behind a reverse proxy or load balancer (e.g Heroku, AWS ELB, Nginx, PaaS), you'll have to tell Express to trust the headers the proxy adds by adding app.enable('trust proxy'), otherwise this module will try to force the connection between the proxy and the express app to over https (which probably will not work).
Why did I write this?
All the other modules either seemed to either:
- ignore express's
trust proxysetting and duplicate that functionality internally, - redirect
POSTandPUTrequests, - seem to
Whats bad about this module
It isn't at all customisable, the error message is fixed, blah blah. I'm open to pull requests to change this.