Friday, 14 April 2017

Node Express redirect does not redirect the initial visit, but redirects everything else (F5, links)

I am trying to force redirect from HTTP to HTTPS, and have almost succeeded. Following other SO posts, I have this code :

app.use(function(req, res, next) {
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    next();
});
app.use(function (req, res, next) {
    if (req.header('x-forwarded-proto') === 'http' && process.env.NODE_ENV === 'production') {
        console.log("redirecting to https : " + req.url);
        res.redirect(301, 'https://' + 'website.com' + req.url);
        return
    }
    next();
});

Everything gets redirected properly, EXCEPT the original hit, so when the client types 'website.com' in the browser bar, he is not redirected to HTTPS. I haven't been able to find why that happens.



via Storm

No comments:

Post a Comment