redirect-ssl

> Connect/Express middleware to enforce https using is-https.

[![version][npm-v-src]][npm-v-href]
[![downloads][npm-d-src]][npm-d-href]
[![ci][ci-src]][ci-href]

Usage

Install package:

``bash yarn add redirect-ssl

`or`


npm install redirect-ssl

Require and use redirect-ssl. Make sure to use this middlware as the first in your middleware chain (if using express see middleware chain:

`js import redirectSSL from 'redirect-ssl' // or const redirectSSL = require('redirect-ssl')

// Add middleware app.use(redirectSSL)

// Using custom options app.use(redirectSSL.create({ redirectPort: 8443 }))`

`$3`

If you want to disable on localhost, use the exclude option:

`js app.use(redirectSSL.create({ exclude: ['localhost'] }))`

Only enable in production environments:

`js app.use(redirectSSL.create({ enabled: process.env.NODE_ENV === 'production' }))`

`Options`

`$3`

- Default: true

Trust and check x-forwarded-proto header for HTTPS detection.

`$3`

- Default: true

`$3`

- Default: 443

Redirect users to this port for HTTPS. (:443 is omitted from URL as is default for https:// schema)

`$3`

- Default: req.headers.host

Redirects using this value as host, if omitted will use request host for redirects.

NOTE It should not contain schema or trailing slashes. (Example: google.com)

`$3`

- Default: true

Redirect when no SSL detection method is available too. disable this option if you encounter redirect loops.

`$3`

- Default: 307 Temporary Redirect

Status code when redirecting. The reason of choosing 307for default is: - It prevents changing method fromPOST TO GET by user agents. (If you don't care, use 302Found) - Is temporary so if for any reason HTTPS disables on server clients won't hurt. (If you need permanent, use308 Permanent Redirect or 301Moved Permanently) - See This question, 307 on MDN, and RFC 7231 section 6.4.7 for more info.

`$3`

- Default: []

An array of routes patterns for which redirection should be disabled.

`Using with Nuxt.js`

Add the redirect-ssl to the serverMiddleware array within in the nuxt.config.js file is the preferred usage:

`js import redirectSSL from 'redirect-ssl'

export default { serverMiddleware: [ redirectSSL.create({ enabled: process.env.NODE_ENV === 'production' }), ] }``

You will still need to install this package within your project for it work.

License

MIT. Made with 💖

[npm-v-src]: https://img.shields.io/npm/v/redirect-ssl?style=flat-square
[npm-v-href]: https://npmjs.com/package/redirect-ssl

[npm-d-src]: https://img.shields.io/npm/dm/redirect-ssl?style=flat-square
[npm-d-href]: https://npmjs.com/package/redirect-ssl

[ci-src]: https://img.shields.io/github/workflow/status/unjs/redirect-ssl/ci/master?style=flat-square
[ci-href]: https://github.com/unjs/redirect-ssl/actions?query=workflow%3Aci

redirect-ssl

> Connect/Express middleware to enforce https using is-https.

[![version][npm-v-src]][npm-v-href]
[![downloads][npm-d-src]][npm-d-href]
[![ci][ci-src]][ci-href]

Usage

Install package:

``bash yarn add redirect-ssl

`or`


npm install redirect-ssl

Require and use redirect-ssl. Make sure to use this middlware as the first in your middleware chain (if using express see middleware chain:

`js import redirectSSL from 'redirect-ssl' // or const redirectSSL = require('redirect-ssl')

// Add middleware app.use(redirectSSL)

// Using custom options app.use(redirectSSL.create({ redirectPort: 8443 }))`

`$3`

If you want to disable on localhost, use the exclude option:

`js app.use(redirectSSL.create({ exclude: ['localhost'] }))`

Only enable in production environments:

`js app.use(redirectSSL.create({ enabled: process.env.NODE_ENV === 'production' }))`

`Options`

`$3`

- Default: true

Trust and check x-forwarded-proto header for HTTPS detection.

`$3`

- Default: true

`$3`

- Default: 443

Redirect users to this port for HTTPS. (:443 is omitted from URL as is default for https:// schema)

`$3`

- Default: req.headers.host

Redirects using this value as host, if omitted will use request host for redirects.

NOTE It should not contain schema or trailing slashes. (Example: google.com)

`$3`

- Default: true

Redirect when no SSL detection method is available too. disable this option if you encounter redirect loops.

`$3`

- Default: 307 Temporary Redirect

`$3`

- Default: []

An array of routes patterns for which redirection should be disabled.

`Using with Nuxt.js`

Add the redirect-ssl to the serverMiddleware array within in the nuxt.config.js file is the preferred usage:

`js import redirectSSL from 'redirect-ssl'

export default { serverMiddleware: [ redirectSSL.create({ enabled: process.env.NODE_ENV === 'production' }), ] }``

You will still need to install this package within your project for it work.

License

MIT. Made with 💖

[npm-v-src]: https://img.shields.io/npm/v/redirect-ssl?style=flat-square
[npm-v-href]: https://npmjs.com/package/redirect-ssl

[npm-d-src]: https://img.shields.io/npm/dm/redirect-ssl?style=flat-square
[npm-d-href]: https://npmjs.com/package/redirect-ssl

[ci-src]: https://img.shields.io/github/workflow/status/unjs/redirect-ssl/ci/master?style=flat-square
[ci-href]: https://github.com/unjs/redirect-ssl/actions?query=workflow%3Aci