Compare commits
No commits in common. "30612b3a96509d2af69832184a36e1ef26b8b7b4" and "b4a4a7220a9ad05cad6e58c26a74bdf851fb2008" have entirely different histories.
30612b3a96
...
b4a4a7220a
|
@ -54,7 +54,7 @@ server.on('request', require('redirect-https')({
|
||||||
}));
|
}));
|
||||||
|
|
||||||
server.listen(insecurePort, function () {
|
server.listen(insecurePort, function () {
|
||||||
console.log('Listening on http://localhost.pplwink.com:' + server.address().port);
|
console.log('Listening on http://localhost.daplie.com:' + server.address().port);
|
||||||
});
|
});
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -81,6 +81,6 @@ If your application is properly separated between static assets and api, then it
|
||||||
The incoming URL is already URI encoded by the browser but, just in case, I run an html escape on it
|
The incoming URL is already URI encoded by the browser but, just in case, I run an html escape on it
|
||||||
so that no malicious links of this sort will yield unexpected behavior:
|
so that no malicious links of this sort will yield unexpected behavior:
|
||||||
|
|
||||||
* `http://localhost.pplwink.com:8080/"><script>alert('hi')</script>`
|
* `http://localhost.daplie.com:8080/"><script>alert('hi')</script>`
|
||||||
* `http://localhost.pplwink.com:8080/';URL=http://example.com`
|
* `http://localhost.daplie.com:8080/';URL=http://example.com`
|
||||||
* `http://localhost.pplwink.com:8080/;URL=http://example.com`
|
* `http://localhost.daplie.com:8080/;URL=http://example.com`
|
||||||
|
|
12
index.js
12
index.js
|
@ -13,7 +13,7 @@ module.exports = function (opts) {
|
||||||
opts.body = "<!-- Hello Mr Developer! We don't serve insecure resources around here."
|
opts.body = "<!-- Hello Mr Developer! We don't serve insecure resources around here."
|
||||||
+ "\n Please use HTTPS instead. -->";
|
+ "\n Please use HTTPS instead. -->";
|
||||||
}
|
}
|
||||||
opts.body = opts.body.replace(/{{\s+PORT\s+}}/ig, opts.port);
|
opts.body = opts.body.replace(/{{\s+PORT\s+}}/i, opts.port);
|
||||||
|
|
||||||
return function (req, res, next) {
|
return function (req, res, next) {
|
||||||
if (req.connection.encrypted
|
if (req.connection.encrypted
|
||||||
|
@ -24,7 +24,7 @@ module.exports = function (opts) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
var url = (req.originalUrl || req.url);
|
var url = req.url;
|
||||||
var host = req.headers.host || '';
|
var host = req.headers.host || '';
|
||||||
if (!/:\d+/.test(host) && 443 !== opts.port) {
|
if (!/:\d+/.test(host) && 443 !== opts.port) {
|
||||||
// we are using standard port 80, but we aren't using standard port 443
|
// we are using standard port 80, but we aren't using standard port 443
|
||||||
|
@ -35,14 +35,14 @@ module.exports = function (opts) {
|
||||||
;
|
;
|
||||||
//var encodedLocation = encodeURI(newLocation);
|
//var encodedLocation = encodeURI(newLocation);
|
||||||
var escapedLocation = escapeHtml(newLocation);
|
var escapedLocation = escapeHtml(newLocation);
|
||||||
var decodedLocation;
|
var encodedLocation;
|
||||||
try {
|
try {
|
||||||
decodedLocation = decodeURIComponent(newLocation);
|
encodedLocation = decodeURIComponent(newLocation);
|
||||||
} catch(e) {
|
} catch(e) {
|
||||||
decodedLocation = newLocation; // "#/error/?error_message=" + e.toString();
|
encodedLocation = newLocation; // "#/error/?error_message=" + e.toString();
|
||||||
}
|
}
|
||||||
var body = opts.body
|
var body = opts.body
|
||||||
.replace(/{{\s*HTML_URL\s*}}/ig, escapeHtml(decodedLocation))
|
.replace(/{{\s*HTML_URL\s*}}/ig, escapeHtml(encodedLocation))
|
||||||
.replace(/{{\s*URL\s*}}/ig, escapedLocation)
|
.replace(/{{\s*URL\s*}}/ig, escapedLocation)
|
||||||
.replace(/{{\s*UNSAFE_URL\s*}}/ig, newLocation)
|
.replace(/{{\s*UNSAFE_URL\s*}}/ig, newLocation)
|
||||||
;
|
;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "redirect-https",
|
"name": "redirect-https",
|
||||||
"version": "1.1.5",
|
"version": "1.1.4",
|
||||||
"description": "Redirect from HTTP to HTTPS using meta redirects",
|
"description": "Redirect from HTTP to HTTPS using meta redirects",
|
||||||
"main": "index.js",
|
"main": "index.js",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
|
|
Loading…
Reference in New Issue