Add headerRedirect option #1
|
@ -1,6 +1,6 @@
|
|||
# redirect-https
|
||||
|
||||
Redirect from HTTP to HTTPS using meta redirects
|
||||
Redirect from HTTP to HTTPS
|
||||
|
||||
See <https://coolaj86.com/articles/secure-your-redirects/>
|
||||
|
||||
|
@ -58,7 +58,7 @@ server.listen(insecurePort, function () {
|
|||
});
|
||||
```
|
||||
|
||||
# Why meta redirects?
|
||||
# Meta redirect by default, but why?
|
||||
|
||||
When something is broken (i.e. insecure), you don't want it to kinda work, you want developers to notice.
|
||||
|
||||
|
|
6
index.js
6
index.js
|
@ -33,6 +33,7 @@ module.exports = function (opts) {
|
|||
var newLocation = 'https://'
|
||||
+ host.replace(/:\d+/, ':' + opts.port) + url
|
||||
;
|
||||
|
||||
//var encodedLocation = encodeURI(newLocation);
|
||||
var escapedLocation = escapeHtml(newLocation);
|
||||
var decodedLocation;
|
||||
|
@ -41,6 +42,7 @@ module.exports = function (opts) {
|
|||
} catch(e) {
|
||||
decodedLocation = newLocation; // "#/error/?error_message=" + e.toString();
|
||||
}
|
||||
|
||||
var body = opts.body
|
||||
.replace(/{{\s*HTML_URL\s*}}/ig, escapeHtml(decodedLocation))
|
||||
.replace(/{{\s*URL\s*}}/ig, escapedLocation)
|
||||
|
@ -57,6 +59,10 @@ module.exports = function (opts) {
|
|||
+ '</html>\n'
|
||||
;
|
||||
|
||||
if (opts.headerRedirect) {
|
||||
res.statusCode = opts.headerRedirect.responseCode || 302;
|
||||
res.setHeader('Location', newLocation);
|
||||
}
|
||||
res.setHeader('Content-Type', 'text/html; charset=utf-8');
|
||||
res.end(metaRedirect);
|
||||
};
|
||||
|
|
Loading…
Reference in New Issue