Redirect insecure connections.

2026-01-25 15:38:56 +00:00 · 2013-06-19 10:36:14 +01:00 · 2013-06-19 10:36:14 +01:00 · bb041bface
commit bb041bface
parent 568b5a8da0
1 changed files with 8 additions and 0 deletions
--- a/lib/app.js
+++ b/lib/app.js
@ -148,6 +148,14 @@ app.connect = function (callback) {
    app.use(middleware.limitContentLength({limit: app.set('max-request-size')}));
    app.use(express.cookieParser(app.set('session secret')));
    app.use(express.cookieSession({key: 'jsbin', cookie: {maxAge: 365 * 24 * 60 * 60 * 1000}}));
+    // If we're in SSL mode but an insecure connection comes in, redirect to
+    // the SSL version (removing any port information)
+    app.use(function (req, res, next) {
+      if (app.get('url ssl') && !req.secure) {
+        return res.redirect('https://' + req.headers.host.replace(/:.*/, '') + req.url);
+      }
+      next();
+    });
    app.use(express.urlencoded());
    app.use(express.json());
    app.use(middleware.csrf({ ignore: ['/', /^\/api\//] }));