express module for forcing https connections
npm install force-https An Express module.
Redirect or block requests made over external plain HTTP.
_Probably won't work if you are using non standard ports on the public facing domain/interface_
``
app.use(require('force-https'))
Make sure to put it before any other middleware, especially !
GET requests are redirected to their HTTPS equivalentsHTTP 409
All other verbs receive an with an error message, as HTTP states that one shouldn't redirect non GET requests
If you're behind a reverse proxy or load balancer (e.g Heroku, AWS ELB, Nginx, PaaS), you'll have to tell Express to trust the headers the proxy adds by adding app.enable('trust proxy'), otherwise this module will try to force the connection between the proxy and the express app to over https (which probably will not work).
All the other modules either seemed to either:
- ignore express's trust proxy setting and duplicate that functionality internally,POST
- redirect and PUT` requests,
- seem to
It isn't at all customisable, the error message is fixed, blah blah.
I'm open to pull requests to change this.