express-sslify
express-sslify copied to clipboard
florianheinemann
Enforces SSL for node.js express projects
I just had a bug (on heroku) where initially I was able to load the site over http but after a refresh it redirected to the https address. Turned out...
The balancing proxy at the hosting platform we use includes port 80 in req.headers.host (`domain.com:80`). When this module redirects a request, the redirect url looks like `https://domain:80`. Browsers seem to...
Whenever I use this package, it doesn't work in my local environment because https://localhost:### throws errors. Can we add another check like this? if(req.headers && req.headers.host && req.headers.host === 'localhost:####')...
Just add typescript definition file with comments to get autocomplete on typescript code.
- Adds support for skips array - Allows skipping certain paths from being redirected - Updates documentation
If Strict-Transport-Security headers are not set, it's trivial to strip SSL on connections made later from insecure networks (see https://vimeo.com/50018478#t=23m30s). As such, I think it makes sense for express-sslify to:...
In many cases, I would want to handle error in a different way than sending a 403 with a hardcoded text message ("Please use HTTPS when submitting data to this...
I was looking at the code and it seems that now, there is no way to specify to which SSL port will I perform the redirect. This is an issue...
I do not test it but I think that redirecting should not work with cross domain request request because `OPTIONS` method will produce 403. https://github.com/florianheinemann/express-sslify/blob/master/index.js#L25
Hello 👋 I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@yakirk) has found a potential issue, which I would be eager to share with...
Metadata
Owner
Metadata
Enforces SSL for node.js express projects