coolaj86
/
redirect-https.js
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Add headerRedirect option #1

Merged
coolaj86 merged 1 commits from :master into master 2018-10-02 22:59:42 +00:00
Conversation 5 Commits 1 Files Changed 2 +8 -2
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -1,6 +1,6 @@
# redirect-https
Redirect from HTTP to HTTPS using meta redirects
Redirect from HTTP to HTTPS
See <https://coolaj86.com/articles/secure-your-redirects/>
@ -58,7 +58,7 @@ server.listen(insecurePort, function () {
});
```
# Why meta redirects?
# Meta redirect by default, but why?
When something is broken (i.e. insecure), you don't want it to kinda work, you want developers to notice.

6
index.js
View File

@ -33,6 +33,7 @@ module.exports = function (opts) {
var newLocation = 'https://'
+ host.replace(/:\d+/, ':' + opts.port) + url
;
//var encodedLocation = encodeURI(newLocation);
var escapedLocation = escapeHtml(newLocation);
var decodedLocation;
@ -41,6 +42,7 @@ module.exports = function (opts) {
} catch(e) {
decodedLocation = newLocation; // "#/error/?error_message=" + e.toString();
}
var body = opts.body
.replace(/{{\s*HTML_URL\s*}}/ig, escapeHtml(decodedLocation))
.replace(/{{\s*URL\s*}}/ig, escapedLocation)
@ -57,6 +59,10 @@ module.exports = function (opts) {
+ '</html>\n'
;
if (opts.headerRedirect) {
res.statusCode = opts.headerRedirect.responseCode || 302;
res.setHeader('Location', newLocation);
}
res.setHeader('Content-Type', 'text/html; charset=utf-8');
res.end(metaRedirect);
};