From eda4179f649b6a1c17ea3385013c784ab6816424 Mon Sep 17 00:00:00 2001
From: Ryan Burnette <ryan.burnette@gmail.com>
Date: Fri, 7 Sep 2018 15:30:29 -0400
Subject: [PATCH] add headerRedirect option

---
 README.md | 4 ++--
 index.js  | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 027fa54..7a6905a 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # redirect-https
 
-Redirect from HTTP to HTTPS using meta redirects
+Redirect from HTTP to HTTPS
 
 See <https://coolaj86.com/articles/secure-your-redirects/>
 
@@ -58,7 +58,7 @@ server.listen(insecurePort, function () {
 });
 ```
 
-# Why meta redirects?
+# Meta redirect by default, but why?
 
 When something is broken (i.e. insecure), you don't want it to kinda work, you want developers to notice.
 
diff --git a/index.js b/index.js
index 9e2bbee..73f8991 100644
--- a/index.js
+++ b/index.js
@@ -33,6 +33,7 @@ module.exports = function (opts) {
     var newLocation = 'https://'
       + host.replace(/:\d+/, ':' + opts.port) + url
       ;
+
     //var encodedLocation = encodeURI(newLocation);
     var escapedLocation = escapeHtml(newLocation);
     var decodedLocation;
@@ -41,6 +42,7 @@ module.exports = function (opts) {
     } catch(e) {
       decodedLocation = newLocation; // "#/error/?error_message=" + e.toString();
     }
+
     var body = opts.body
           .replace(/{{\s*HTML_URL\s*}}/ig, escapeHtml(decodedLocation))
           .replace(/{{\s*URL\s*}}/ig, escapedLocation)
@@ -57,6 +59,10 @@ module.exports = function (opts) {
       + '</html>\n'
       ;
 
+    if (opts.headerRedirect) {
+      res.statusCode = opts.headerRedirect.responseCode || 302;
+      res.setHeader('Location', newLocation);
+    }
     res.setHeader('Content-Type', 'text/html; charset=utf-8');
     res.end(metaRedirect);
   };
-- 
2.38.5