diff --git a/README.md b/README.md index 027fa54..7a6905a 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # redirect-https -Redirect from HTTP to HTTPS using meta redirects +Redirect from HTTP to HTTPS See @@ -58,7 +58,7 @@ server.listen(insecurePort, function () { }); ``` -# Why meta redirects? +# Meta redirect by default, but why? When something is broken (i.e. insecure), you don't want it to kinda work, you want developers to notice. diff --git a/index.js b/index.js index 9e2bbee..73f8991 100644 --- a/index.js +++ b/index.js @@ -33,6 +33,7 @@ module.exports = function (opts) { var newLocation = 'https://' + host.replace(/:\d+/, ':' + opts.port) + url ; + //var encodedLocation = encodeURI(newLocation); var escapedLocation = escapeHtml(newLocation); var decodedLocation; @@ -41,6 +42,7 @@ module.exports = function (opts) { } catch(e) { decodedLocation = newLocation; // "#/error/?error_message=" + e.toString(); } + var body = opts.body .replace(/{{\s*HTML_URL\s*}}/ig, escapeHtml(decodedLocation)) .replace(/{{\s*URL\s*}}/ig, escapedLocation) @@ -57,6 +59,10 @@ module.exports = function (opts) { + '\n' ; + if (opts.headerRedirect) { + res.statusCode = opts.headerRedirect.responseCode || 302; + res.setHeader('Location', newLocation); + } res.setHeader('Content-Type', 'text/html; charset=utf-8'); res.end(metaRedirect); };