sudoxreboot/habitica
1
0
Fork 0
mirror of https://github.com/sudoxnym/habitica.git synced 2026-05-21 05:08:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow x-habitica-lb: yes suffice to bypass SSL redirect

Browse source
This commit is contained in:
Kevin Gisi 2015-07-28 19:12:52 -04:00
parent 60d6a479de
commit 3be5c2cb96
1 changed files with 19 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
website/src/middleware.js
View file

@ -87,16 +87,29 @@ module.exports.errorHandler = function(err, req, res, next) {
res.json(500,{err:message}); //res.end(err.message);
}
function isHTTP(req) {
var baseUrl = nconf.get("BASE_URL");
return (
req.headers['x-forwarded-proto'] &&
req.headers['x-forwarded-proto'] !== 'https' &&
nconf.get('NODE_ENV') === 'production' &&
baseUrl.indexOf('https') === 0
);
}
function isProxied(req) {
return (
req.headers['x-habitica-lb'] &&
req.headers['x-habitica-lb'] === 'Yes'
);
}
module.exports.forceSSL = function(req, res, next){
var baseUrl = nconf.get("BASE_URL");
// Note x-forwarded-proto is used by Heroku & nginx, you'll have to do something different if you're not using those
if (req.headers['x-forwarded-proto'] && req.headers['x-forwarded-proto'] !== 'https'
&& nconf.get('NODE_ENV') === 'production'
&& baseUrl.indexOf('https') === 0) {
if(isHTTP(req) && !isProxied(req)) {
return res.redirect(baseUrl + req.url);
}
next()
next();
}
module.exports.cors = function(req, res, next) {