v1.3.0: redirect root '/' with 301 by default (for curl | bash installers)
parent
a403ccde39
commit
fd044d6467
30
README.md
30
README.md
|
@ -1,9 +1,12 @@
|
||||||
# redirect-https
|
# redirect-https
|
||||||
|
|
||||||
Redirect from HTTP to HTTPS.
|
Secure-by-default redirects from HTTP to HTTPS.
|
||||||
|
|
||||||
Makes for a seemless experience to end users in browsers (defaults to `301 Permanent + Location` redirect)
|
* Browsers get a 301 + Location redirect
|
||||||
and tightens security for apis and bots, without adversely affecting strange browsers (fallback to `meta` redirect).
|
* Only developers, bots, and APIs see security warning (advising to use HTTPS)
|
||||||
|
* Always uses meta redirect as a fallback, for everyone
|
||||||
|
* '/' always gets a 301 (for `curl | bash` installers)
|
||||||
|
* minimally configurable, don't get fancy
|
||||||
|
|
||||||
See <https://coolaj86.com/articles/secure-your-redirects/>
|
See <https://coolaj86.com/articles/secure-your-redirects/>
|
||||||
|
|
||||||
|
@ -28,7 +31,7 @@ module.exports = app;
|
||||||
|
|
||||||
## Options
|
## Options
|
||||||
|
|
||||||
```
|
```js
|
||||||
{ port: 443 // defaults to 443
|
{ port: 443 // defaults to 443
|
||||||
, body: '' // defaults to an html comment to use https
|
, body: '' // defaults to an html comment to use https
|
||||||
, trustProxy: true // useful if you haven't set this option in express
|
, trustProxy: true // useful if you haven't set this option in express
|
||||||
|
@ -42,6 +45,25 @@ module.exports = app;
|
||||||
* If you use `{{URL}}` in the body text it will be replaced with a URI encoded and HTML escaped url (it'll look just like it is)
|
* If you use `{{URL}}` in the body text it will be replaced with a URI encoded and HTML escaped url (it'll look just like it is)
|
||||||
* If you use `{{HTML_URL}}` in the body text it will be replaced with a URI decoded and HTML escaped url (it'll look just like it would in Chrome's URL bar)
|
* If you use `{{HTML_URL}}` in the body text it will be replaced with a URI decoded and HTML escaped url (it'll look just like it would in Chrome's URL bar)
|
||||||
|
|
||||||
|
## Advanced Options
|
||||||
|
|
||||||
|
For the sake of `curl | bash` installers and the like there is also the option to cause bots and apis (i.e. curl)
|
||||||
|
to get a certain redirect for an exact path match:
|
||||||
|
|
||||||
|
```js
|
||||||
|
{ paths: [
|
||||||
|
{ match: '/'
|
||||||
|
, redirect: 301
|
||||||
|
}
|
||||||
|
, { match: /^\/$/
|
||||||
|
, redirect: 301
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
If you're using this, you're probably getting too fancy (but hey, I get too fancy sometimes too).
|
||||||
|
|
||||||
## Demo
|
## Demo
|
||||||
|
|
||||||
```javascript
|
```javascript
|
||||||
|
|
17
index.js
17
index.js
|
@ -15,6 +15,9 @@ module.exports = function (opts) {
|
||||||
if (!opts.apis) {
|
if (!opts.apis) {
|
||||||
opts.apis = 'meta';
|
opts.apis = 'meta';
|
||||||
}
|
}
|
||||||
|
if (!Array.isArray(opts.paths)) {
|
||||||
|
opts.paths = [ { match: '/' } ];
|
||||||
|
}
|
||||||
if (!('body' in opts)) {
|
if (!('body' in opts)) {
|
||||||
opts.body = "<!-- Hello Developer Person! We don't serve insecure resources around here."
|
opts.body = "<!-- Hello Developer Person! We don't serve insecure resources around here."
|
||||||
+ "\n Please use HTTPS instead. -->";
|
+ "\n Please use HTTPS instead. -->";
|
||||||
|
@ -68,7 +71,21 @@ module.exports = function (opts) {
|
||||||
+ '<body>\n' + body + '\n</body>\n'
|
+ '<body>\n' + body + '\n</body>\n'
|
||||||
+ '</html>\n'
|
+ '</html>\n'
|
||||||
;
|
;
|
||||||
|
var pathMatch;
|
||||||
|
|
||||||
|
opts.paths.some(function (p) {
|
||||||
|
if (!p.match) {
|
||||||
|
// ignore
|
||||||
|
} else if ('string' === typeof p.match) {
|
||||||
|
pathMatch = (url === p.match) && (p.redirect || 301);
|
||||||
|
} else {
|
||||||
|
pathMatch = p.match.test && p.match.test(url) && (p.redirect || 301);
|
||||||
|
}
|
||||||
|
if (pathMatch) {
|
||||||
|
redirect = pathMatch;
|
||||||
|
}
|
||||||
|
return pathMatch;
|
||||||
|
});
|
||||||
// If it's not a non-0 number (because null is 0) then 'meta' is assumed.
|
// If it's not a non-0 number (because null is 0) then 'meta' is assumed.
|
||||||
if (redirect && isFinite(redirect)) {
|
if (redirect && isFinite(redirect)) {
|
||||||
res.statusCode = redirect;
|
res.statusCode = redirect;
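Review bot: In the `opts.paths.some(...)` callback, `p.redirect` is copied into `redirect` without checking that it is a redirect status, and the only gate afterwards is `isFinite(redirect)`, so an entry such as `redirect: 200` or a numeric string would be written to `res.statusCode` as-is. Consider normalising it first, e.g. `var code = Number(p.redirect || 301); if ([301, 302, 307, 308].indexOf(code) === -1) { code = 301; }`. `p.match.test(url)` is also stateful when the configured regex carries the `g` or `y` flag, so such a pattern would match only on alternating requests; setting `p.match.lastIndex = 0` before the test avoids that. Separately, the first hunk makes `'/'` answer with a 301 for every client unless the caller passes `paths: []`, and that opt-out deserves a comment there, because a redirect-following client fetching `/` over plain HTTP is then upgraded silently rather than shown the "use HTTPS" body, while the initial request still travels unprotected. The enclosing function starts and ends outside these hunks.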
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "redirect-https",
|
"name": "redirect-https",
|
||||||
"version": "1.2.0",
|
"version": "1.3.0",
|
||||||
"description": "Redirect from HTTP to HTTPS using meta redirects",
|
"description": "Redirect from HTTP to HTTPS using meta redirects",
|
||||||
"main": "index.js",
|
"main": "index.js",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
|
|