From a791291ccadcec2ceb75ab5dc24fb4fa2c3d6682 Mon Sep 17 00:00:00 2001
From: AJ ONeal <aj@daplie.com>
Date: Tue, 27 Feb 2018 15:42:26 -0700
Subject: [PATCH] backport lost commits

---
 README.md |  8 ++++----
 index.js  | 12 ++++++------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 2635d1c..027fa54 100644
--- a/README.md
+++ b/README.md
@@ -54,7 +54,7 @@ server.on('request', require('redirect-https')({
 }));
 
 server.listen(insecurePort, function () {
-  console.log('Listening on http://localhost.daplie.com:' + server.address().port);
+  console.log('Listening on http://localhost.pplwink.com:' + server.address().port);
 });
 ```
 
@@ -81,6 +81,6 @@ If your application is properly separated between static assets and api, then it
 The incoming URL is already URI encoded by the browser but, just in case, I run an html escape on it
 so that no malicious links of this sort will yield unexpected behavior:
 
-  * `http://localhost.daplie.com:8080/"><script>alert('hi')</script>`
-  * `http://localhost.daplie.com:8080/';URL=http://example.com`
-  * `http://localhost.daplie.com:8080/;URL=http://example.com`
+  * `http://localhost.pplwink.com:8080/"><script>alert('hi')</script>`
+  * `http://localhost.pplwink.com:8080/';URL=http://example.com`
+  * `http://localhost.pplwink.com:8080/;URL=http://example.com`
diff --git a/index.js b/index.js
index 3d18720..c8140af 100644
--- a/index.js
+++ b/index.js
@@ -13,7 +13,7 @@ module.exports = function (opts) {
     opts.body = "<!-- Hello Mr Developer! We don't serve insecure resources around here."
       + "\n    Please use HTTPS instead. -->";
   }
-  opts.body = opts.body.replace(/{{\s+PORT\s+}}/i, opts.port);
+  opts.body = opts.body.replace(/{{\s+PORT\s+}}/ig, opts.port);
 
   return function (req, res, next) {
     if (req.connection.encrypted
@@ -24,7 +24,7 @@ module.exports = function (opts) {
       return;
     }
 
-    var url = req.url;
+    var url = (req.originalUrl || req.url);
     var host = req.headers.host || '';
 		if (!/:\d+/.test(host) && 443 !== opts.port) {
 			// we are using standard port 80, but we aren't using standard port 443
@@ -35,14 +35,14 @@ module.exports = function (opts) {
       ;
     //var encodedLocation = encodeURI(newLocation);
     var escapedLocation = escapeHtml(newLocation);
-    var encodedLocation;
+    var decodedLocation;
     try {
-      encodedLocation = decodeURIComponent(newLocation);
+      decodedLocation = decodeURIComponent(newLocation);
     } catch(e) {
-      encodedLocation = newLocation; // "#/error/?error_message=" + e.toString();
+      decodedLocation = newLocation; // "#/error/?error_message=" + e.toString();
     }
     var body = opts.body
-          .replace(/{{\s*HTML_URL\s*}}/ig, escapeHtml(encodedLocation))
+          .replace(/{{\s*HTML_URL\s*}}/ig, escapeHtml(decodedLocation))
           .replace(/{{\s*URL\s*}}/ig, escapedLocation)
           .replace(/{{\s*UNSAFE_URL\s*}}/ig, newLocation)
           ;