redirect-ssl
    TypeScript icon, indicating that this package has built-in type declarations

    3.0.0 • Public • Published

    redirect-ssl

    Connect/Express middleware to enforce https using is-https.

    version downloads ci

    Usage

    Install package:

    yarn add redirect-ssl
    # or
    npm install redirect-ssl

    Require and use redirect-ssl. Make sure to use this middlware as the first in your middleware chain (if using express see middleware chain:

    import redirectSSL from 'redirect-ssl'
    // or
    const redirectSSL = require('redirect-ssl')
    
    // Add middleware
    app.use(redirectSSL)
    
    // Using custom options
    app.use(redirectSSL.create({ redirectPort: 8443 }))

    Disable for non-production or localhost

    If you want to disable on localhost, use the exclude option:

    app.use(redirectSSL.create({
       exclude: ['localhost']
    }))

    Only enable in production environments:

    app.use(redirectSSL.create({
      enabled: process.env.NODE_ENV === 'production'
    }))

    Options

    trustProxy

    • Default: true

    Trust and check x-forwarded-proto header for HTTPS detection.

    enabled

    • Default: true

    redirectPort

    • Default: 443

    Redirect users to this port for HTTPS. (:443 is omitted from URL as is default for https:// schema)

    redirectHost

    • Default: req.headers.host

    Redirects using this value as host, if omitted will use request host for redirects.

    NOTE It should not contain schema or trailing slashes. (Example: google.com)

    redirectUnknown

    • Default: true

    Redirect when no SSL detection method is available too. disable this option if you encounter redirect loops.

    statusCode

    • Default: 307 Temporary Redirect

    Status code when redirecting. The reason of choosing 307 for default is:

    • It prevents changing method from POST TO GET by user agents. (If you don't care, use 302 Found)
    • Is temporary so if for any reason HTTPS disables on server clients won't hurt. (If you need permanent, use 308 Permanent Redirect or 301 Moved Permanently)
    • See This question, 307 on MDN, and RFC 7231 section 6.4.7 for more info.

    exclude

    • Default: []

    An array of routes patterns for which redirection should be disabled.

    Using with Nuxt.js

    Add the redirect-ssl to the serverMiddleware array within in the nuxt.config.js file is the preferred usage:

    import redirectSSL from 'redirect-ssl'
    
    export default {
      serverMiddleware: [
        redirectSSL.create({
          enabled: process.env.NODE_ENV === 'production'
         }),
      ]
    }

    You will still need to install this package within your project for it work.

    License

    MIT. Made with 💖

    Keywords

    none

    Install

    npm i redirect-ssl

    DownloadsWeekly Downloads

    7,858

    Version

    3.0.0

    License

    MIT

    Unpacked Size

    8.88 kB

    Total Files

    6

    Last publish

    Collaborators

    • pi0