README
require-https
express middleware to require requests to be secure. Unlike other similar middleware, this function does not perform redirects or attempt to deal with insecure requests. Instead, this module fails fast and fails hard by returning an error immediately when an insecure connection is detected.
Installation
npm install --save require-https
API
requireHttps(status, message)
Parameters:
status- optional HTTP status code to include in the error when an insecure connection is detected. Defaults to403 Forbidden.message- optional error message to include in the error when an insecure connection is detected. Defaults toInsecure Connection. Use HTTPS instead..
Returns:
- standard express middleware function.
- middleware function accepts
(req, res, next) - middleware function calls
next()when a secure connection is detected andnext(err)when an insecure connection is detected.
- middleware function accepts
Example
HTTPS Everywhere:
"use strict";
var requireHttps = require('require-https');
var express = require('express');
var app = express();
app.enable('trust proxy');
app.use(requireHttps());
app.get('/', function (req, res) {
res.send('Hello, World!');
});
app.listen(3000);
HTTPS for specific routes with custom error message:
"use strict";
var requireHttps = require('require-https');
var express = require('express');
var app = express();
app.enable('trust proxy');
app.get('/', function (req, res) {
res.send('Hello, World!');
});
app.get('/sensitive', requireHttps(403, 'HTTPS is required to view top secret info.'), function (req, res) {
res.send('Top Secret!');
});
app.listen(3000);
Tips
If behind a reverse proxy server such as nginx,
the trust proxy option must be set. See Express behind proxies
for more details.
app.enable('trust proxy');
License
See LICENSE.md