README.md

@@ -1,6 +1,6 @@
 # redirect-https
 
-Redirect from HTTP to HTTPS using meta redirects
+Redirect from HTTP to HTTPS
 
 See <https://coolaj86.com/articles/secure-your-redirects/>
 
@@ -58,7 +58,7 @@ server.listen(insecurePort, function () {
 });
 ```
 
-# Why meta redirects?
+# Meta redirect by default, but why?
 
 When something is broken (i.e. insecure), you don't want it to kinda work, you want developers to notice.
 

index.js

@@ -33,6 +33,7 @@ module.exports = function (opts) {
     var newLocation = 'https://'
       + host.replace(/:\d+/, ':' + opts.port) + url
       ;
+
     //var encodedLocation = encodeURI(newLocation);
     var escapedLocation = escapeHtml(newLocation);
     var decodedLocation;
@@ -41,6 +42,7 @@ module.exports = function (opts) {
     } catch(e) {
       decodedLocation = newLocation; // "#/error/?error_message=" + e.toString();
     }
+
     var body = opts.body
           .replace(/{{\s*HTML_URL\s*}}/ig, escapeHtml(decodedLocation))
           .replace(/{{\s*URL\s*}}/ig, escapedLocation)
@@ -57,6 +59,10 @@ module.exports = function (opts) {
       + '</html>\n'
       ;
 
+    if (opts.headerRedirect) {
+      res.statusCode = opts.headerRedirect.responseCode || 302;
+      res.setHeader('Location', newLocation);
+    }
     res.setHeader('Content-Type', 'text/html; charset=utf-8');
     res.end(metaRedirect);
   };