An express
middleware that redirects requests to https://
, if necessary.
npm install --save goto-https
import * as express from "express";
import {gotoHttps} from "goto-https";
declare const trustProxy : boolean;
app = express();
/*
Set to `true` if you are behind Nginx or some other proxy.
*/
app.set("trust proxy", trustProxy);
app.use(gotoHttps({
enabled : true,
/*
You should not leave this empty.
If your website is `example.com`,
then you should put `example.com` in this array.
*/
hostDomainWhitelist : [],
}));
See the type GotoHttpsOptions
in src/goto-https.ts
for more options.
- Domain whitelisting
-
RedirectDelegate
(Seesrc/goto-https.ts
) to control redirect behaviour
See the test/run-time/input
folder.
npm run test-run-time
-
req.headers["host"]
andreq.headers["x-forwarded-host"]
may be used, depending on express'trust proxy fn
. -
The redirect URL is derived by
"https://" + parsedHost.host + req.originalUrl
. -
If an invalid host is found, the middleware responds with status code
404
. -
The default redirect status code is
302
. -
A valid host is a
string
that is non-empty and not all whitespace.
-
Whitelisting
domain.com
will also whitelist all domains that end with the stringdomain.com
. e.g.subdomain1.domain.com
,subdomain2.domain.com
, etc. -
To whitelist specific subdomains, add each subdomain to the array individually.
const hostDomainWhitelist = [ `subdomain1.domain.com`, `subdomain4.domain.com`, ]; //subdomain2.domain.com and subdomain3.domain.com are not whitelisted. //domain.com is also not whitelisted.