Redirect from HTTP to HTTPS using meta redirects
Go to file
AJ ONeal f4fd6c3dae Update README.md 2015-06-19 09:33:15 -06:00
.gitignore Initial commit 2015-06-19 09:15:45 -06:00
LICENSE Initial commit 2015-06-19 09:15:45 -06:00
README.md Update README.md 2015-06-19 09:33:15 -06:00

README.md

redirect-https

Redirect from HTTP to HTTPS using meta redirects

npm install --save redirect-https
var http = require('http');
var server = http.createServer();

server.on('request', require('redirect-https')({
  port: 443
, body: '<!-- Hello! Please use HTTPS instead -->'
}));

Why meta redirects?

When something is broken (i.e. insecure), you don't want it to kinda work, you want developers to notice.

Using a meta redirect will break requests from curl and api calls from a programming language, but still have all the SEO and speed benefits of a normal 301.

<html><head>
<meta http-equiv="refresh" content="0;URL='https://example.com/foo'" />
</head><body>
<!-- Hello Mr. Developer! Please use https instead. Thank you! -->
</html>

Other strategies

If your application is properly separated between static assets and api, then it would probably be more beneficial to return a 200 OK with an error message inside