krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-15 21:57:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

allow skipping SSL check with secret key (#10962)

Browse Source
This commit is contained in:
Matteo Pagliazzi
2019-01-23 17:10:11 +01:00
committed by GitHub
parent 7cb045781b
commit 04a7fd25a6
3 changed files with 40 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
website/server/middlewares/redirects.js
View File

@@ -4,6 +4,9 @@ import url from 'url';
const IS_PROD = nconf.get('IS_PROD');
const IGNORE_REDIRECT = nconf.get('IGNORE_REDIRECT') === 'true';
const BASE_URL = nconf.get('BASE_URL');
// A secret key that if passed as req.query.skipSSLCheck allows to skip
// the redirects to SSL, used for health checks from the load balancer
const SKIP_SSL_CHECK_KEY = nconf.get('SKIP_SSL_CHECK_KEY');
const BASE_URL_HOST = url.parse(BASE_URL).hostname;
@@ -17,7 +20,8 @@ function isHTTP (req) {
}
export function forceSSL (req, res, next) {
if (isHTTP(req)) {
const skipSSLCheck = req.query.skipSSLCheck;
if (isHTTP(req) && (!skipSSLCheck || skipSSLCheck !== SKIP_SSL_CHECK_KEY)) {
return res.redirect(BASE_URL + req.originalUrl);
}