diff --git a/README.md b/README.md index 3030e0c..5b69186 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,12 @@ # redirect-https -Redirect from HTTP to HTTPS. +Secure-by-default redirects from HTTP to HTTPS. -Makes for a seemless experience to end users in browsers (defaults to `301 Permanent + Location` redirect) -and tightens security for apis and bots, without adversely affecting strange browsers (fallback to `meta` redirect). +* Browsers get a 301 + Location redirect +* Only developers, bots, and APIs see security warning (advising to use HTTPS) +* Always uses meta redirect as a fallback, for everyone +* '/' always gets a 301 (for `curl | bash` installers) +* minimally configurable, don't get fancy See @@ -28,7 +31,7 @@ module.exports = app; ## Options -``` +```js { port: 443 // defaults to 443 , body: '' // defaults to an html comment to use https , trustProxy: true // useful if you haven't set this option in express @@ -42,6 +45,25 @@ module.exports = app; * If you use `{{URL}}` in the body text it will be replaced with a URI encoded and HTML escaped url (it'll look just like it is) * If you use `{{HTML_URL}}` in the body text it will be replaced with a URI decoded and HTML escaped url (it'll look just like it would in Chrome's URL bar) +## Advanced Options + +For the sake of `curl | bash` installers and the like there is also the option to cause bots and apis (i.e. curl) +to get a certain redirect for an exact path match: + +```js +{ paths: [ + { match: '/' + , redirect: 301 + } + , { match: /^\/$/ + , redirect: 301 + } + ] +} +``` + +If you're using this, you're probably getting too fancy (but hey, I get too fancy sometimes too). + ## Demo ```javascript diff --git a/index.js b/index.js index d14d583..e3f3b9a 100644 --- a/index.js +++ b/index.js @@ -15,6 +15,9 @@ module.exports = function (opts) { if (!opts.apis) { opts.apis = 'meta'; } + if (!Array.isArray(opts.paths)) { + opts.paths = [ { match: '/' } ]; + } if (!('body' in opts)) { opts.body = ""; @@ -68,7 +71,21 @@ module.exports = function (opts) { + '\n' + body + '\n\n' + '\n' ; + var pathMatch; + opts.paths.some(function (p) { + if (!p.match) { + // ignore + } else if ('string' === typeof p.match) { + pathMatch = (url === p.match) && (p.redirect || 301); + } else { + pathMatch = p.match.test && p.match.test(url) && (p.redirect || 301); + } + if (pathMatch) { + redirect = pathMatch; + } + return pathMatch; + }); // If it's not a non-0 number (because null is 0) then 'meta' is assumed. if (redirect && isFinite(redirect)) { res.statusCode = redirect; diff --git a/package.json b/package.json index 6a2e708..5ee089e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "redirect-https", - "version": "1.2.0", + "version": "1.3.0", "description": "Redirect from HTTP to HTTPS using meta redirects", "main": "index.js", "scripts": {