I am developing website using BrowserSync. However, in the production version, I will be replacing .html with forward slash via .htaccess . Is it possible to achive the same result using BrowserSync?
You can start your browsersync with next server config:
server: {
baseDir: "./build",
serveStaticOptions: {
extensions: ['html']
},
middleware: function(req, res, next) {
var url = req.url;
if (url.length > 1 && url[url.length-1] === "/") {
req.url = url.slice(0, url.length - 1);
}
return next();
}
}
Not perfect solution, but if you go to http://foo/bar/ instead http://foo/bar.html it will not cause get error.
Related
I'm running a nodejs webapp on Heroku and I want to redirect all users that access via http to https with the corresponding URL.
I have it mostly working however the user is redirected to the home page if no subdomain is specified. Any idea what is going on here?
The node rerouting middleware:
app.enable('trust proxy');
app.use((req, res, next) => {
if (req.get('X-Forwarded-Proto') !== 'https') {
res.redirect(`https://${req.headers.host + req.url}`);
} else {
next();
}
});
Works:
http://www.example.com/page redirects to https://www.example.com/page
Fails:
http://example.com/page redirects to https://www.example.com
Because req.url is an inherited property from Node.JS's http module and does not necessarily contain the original URL. Express.JS documentation also states it, https://expressjs.com/en/api.html#req.originalUrl
If you want to retain the original url you should use the correct property, which is originalUrl.
app.enable('trust proxy');
app.use((req, res, next) => {
if (req.get('X-Forwarded-Proto') !== 'https') {
res.redirect(`https://${req.headers.host + req.originalUrl}`);
} else {
next();
}
});
I have my cert and key and they are working well on my site and now I need to redirect my urls from the http to https urls. I have the http port 5000 and my https port are 443 so to redirecting from a http link like that: http://localhost:5000/signin to https link it will be like that https://localhost/signin
So I created this code and it worked without any problems on my all urls
function requireHTTPS(req, res, next) {
if (!req.secure) {
var domain = "https://" + req.hostname;
if (process.env["SSL_PORT"]) {
domain = domain.replace(/:\d+$/, "");
domain += ":" + process.env["SSL_PORT"];
}
//FYI this should work for local development as well
return res.redirect(domain + req.url);
}
next();
}
app.use(requireHTTPS);
Except this url: http://localhost:5000/
It's supposed to redirect to something like that: https://localhost/
But it always gives me this result: https://localhost:5000/
And it gives me this error?
An error occurred during a connection to localhost:5000. PR_END_OF_FILE_ERROR
So how do I redirect correctly?
the '/' path
app.get('/', function(req, res) {
if(req.user === undefined) {
res.render('visitorsindex');
} else {
res.redirect('/themainpage');
}
});
It looks like your problem is with this line:
domain = domain.replace(/:\d+$/, "");
This regular expression matches a colon plus 1 or more numeric digits at the end of the string. So, the following will work:
http://localhost:5000 becomes http://localhost
But this will not:
http://localhost:5000/ becomes http://localhost:5000/
Why? Because the port number is not at the end of the string; the "/" character is.
You can change the regular expression to the following:
domain = domain.replace(/:\d+[/]?$/, "");
This regex will optionally include the "/" at the end of the string.
But that's only going to match URLs without a path. You could extend the regex further to handle paths as well, but a better solution would be to use the node.js URL module to parse the URL and change the port in a safe way.
Try:
domain.replace(/:\d+|\/$/, "");
var http = require('http');
http.createServer(function (req, res) {
res.writeHead(301, { "Location": "https://" + req.headers['host'] + req.url });
res.end();
}).listen(80);
I am using the code below to redirect all my traffic to https version without www i.e. for one my application hosted on a subdomain. It should work for the following cases:
http://subdomain.domain.com
http://www.subdomain.domain.com
https://www.subdomain.domain.com
www.subdomain.domain.com
All the above should redirect to https://subdomain.domain.com.
I am trying out this on my Node.js application.
app.use('*', function(req, res, next) {
// https
if (req.headers["x-forwarded-proto"] == "https") {
// https with www
if (req.headers.host.match(/^www/) !== null) {
res.redirect(301, 'https://' + req.headers.host.replace(/^www\./, '') + req.url);
}
// https without www
else {
next();
}
}
// http
else {
// http with www
if (req.headers.host.match(/^www/) !== null) {
res.redirect(301, 'https://' + req.headers.host.replace(/^www\./, '') + req.url);
}
// http without www
else {
res.redirect("https://subdomain.domain.com" + req.url);
}
}
});
I am not able to get the redirection working. For the fourth URL i.e. www.subdomain.domain.com, I have updated my DNS as well.
Below Code Snippet Check if URL is not secure it redirects to https with replacing www from url.
app.use('*',function(req, res, next){
if (!req.secure) {
res.redirect('https://' + req.headers.host.replace(/\/\/www\./, '') + req.url);
}
next();
})
I want to allow only https traffic to my Hapi Js server.
In this thread:
Node.JS, Express and Heroku - how to handle HTTP and HTTPS?
it was accomplished by:
if (process.env.NODE_ENV == 'production') {
app.use(function (req, res, next) {
res.setHeader('Strict-Transport-Security', 'max-age=8640000; includeSubDomains');
if (req.headers['x-forwarded-proto'] && req.headers['x-forwarded-proto'] === "http") {
return res.redirect(301, 'https://' + req.host + req.url);
} else {
return next();
}
});
}
This is a good npm module for this: https://www.npmjs.org/package/hapi-require-https
This is my (fairly hacky) solution:
// redirect all http request to secure route
if ('production' === process.env.NODE_ENV) {
server.ext('onRequest', function (request, next) {
if (request.headers['x-forwarded-proto'] !== 'https') {
request.originalPath = request.path;
request.setUrl('/redirect');
}
next();
});
server.route([{
method: 'GET',
path: '/redirect',
handler: function (request, reply) {
var host = request.headers.host;
reply().redirect('https://' + host + request.originalPath);
}
}]);
}
Maybe someone can come up with something cleaner.
Warning: This does not prevent insecure http traffic. It just redirects the browsers to https locations.
I am using the following to redirect all http requests to https requests.
I can see from logs that the header 'x-forwarded-proto' is never populated and is undefined.
app.get('*', function(req, res, next) {
//http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-proto
if (req.headers['x-forwarded-proto'] != "https") {
res.redirect('https://' + req.get('host') + req.url);
} else {
next();
}
});
It is causing a redirect loop. How can I redirect properly without looping?
edit:
my original answer below is for express 3.x, for 4.x you can get a string http or https in req.protocol, thx #BrandonClark
use req.get, not req.headers. Note that POST requests and all other non-GET will not see this middleware.
It's also possible that Express does not carry the x-forwarded-proto header across when you redirect. You may need to set it yourself.
app.get('*', function(req, res, next) {
//http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-proto
if (req.get('x-forwarded-proto') != "https") {
res.set('x-forwarded-proto', 'https');
res.redirect('https://' + req.get('host') + req.url);
} else {
next();
}
});
Another way to force https:
function ensureSecure(req, res, next){
if(req.secure){
// OK, continue
return next();
};
res.redirect('https://'+req.host+req.url); // handle port numbers if non 443
};
app.all('*', ensureSecure);
You can edit the nginx config file in the EC2 instance. SSH to ec2 instance and follow the following steps
go to /etc/nginx/conf.d
open 00_elastic_beanstalk_proxy.conf
sudo vi 00_elastic_beanstalk_proxy.conf
put
location / {
if ($http_x_forwarded_proto != 'https') {
rewrite ^ https://$host$request_uri? permanent;
}
…
}
reload nginx
sudo /usr/sbin/nginx -s reload