krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-14 21:27:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5685 from gisikw/allow-proxy-bypass

Browse Source 
Allow x-habitica-lb: yes suffice to bypass SSL redirect
This commit is contained in:
Kevin Gisi
2015-07-28 19:27:08 -04:00
parent 60d6a479de 3be5c2cb96
commit 39b19636d7
1 changed files with 19 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
website/src/middleware.js
View File

@@ -87,16 +87,29 @@ module.exports.errorHandler = function(err, req, res, next) {
res.json(500,{err:message}); //res.end(err.message);
}
function isHTTP(req) {
var baseUrl = nconf.get("BASE_URL");
return (
req.headers['x-forwarded-proto'] &&
req.headers['x-forwarded-proto'] !== 'https' &&
nconf.get('NODE_ENV') === 'production' &&
baseUrl.indexOf('https') === 0
);
}
function isProxied(req) {
return (
req.headers['x-habitica-lb'] &&
req.headers['x-habitica-lb'] === 'Yes'
);
}
module.exports.forceSSL = function(req, res, next){
var baseUrl = nconf.get("BASE_URL");
// Note x-forwarded-proto is used by Heroku & nginx, you'll have to do something different if you're not using those
if (req.headers['x-forwarded-proto'] && req.headers['x-forwarded-proto'] !== 'https'
&& nconf.get('NODE_ENV') === 'production'
&& baseUrl.indexOf('https') === 0) {
if(isHTTP(req) && !isProxied(req)) {
return res.redirect(baseUrl + req.url);
}
next()
next();
}
module.exports.cors = function(req, res, next) {