Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/justinbeckwith/yes-https
Say yes to https with express and connect.
https://github.com/justinbeckwith/yes-https
express https nodejs
Last synced: about 2 months ago
JSON representation
Say yes to https with express and connect.
- Host: GitHub
- URL: https://github.com/justinbeckwith/yes-https
- Owner: JustinBeckwith
- License: mit
- Created: 2016-12-06T06:20:37.000Z (about 8 years ago)
- Default Branch: main
- Last Pushed: 2024-04-24T17:54:59.000Z (8 months ago)
- Last Synced: 2024-04-24T19:38:37.777Z (8 months ago)
- Topics: express, https, nodejs
- Language: JavaScript
- Homepage:
- Size: 465 KB
- Stars: 31
- Watchers: 4
- Forks: 2
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
README
# YES HTTPS!
[![Build Status](https://github.com/JustinBeckwith/yes-https/workflows/ci/badge.svg)](https://github.com/JustinBeckwith/yes-https/actions/)
[![npm version](https://badge.fury.io/js/yes-https.svg)](https://badge.fury.io/js/yes-https)
[![XO code style](https://img.shields.io/badge/code_style-XO-5ed9c7.svg)](https://github.com/xojs/xo)
[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)`yes-https` is a happy little npm module that makes it easy to require `https` for your connect based application.
It does this two ways:
- Setting the `Strict-Transport-Security` HTTP header. Learn more at [OWASP](https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet).
- Automatically sending an HTTP 301 for the first request. This is often overlooked, as HSTS only works after the browser hits the https endpoint the first time.## Installation
`npm install yes-https`
## Usage
```js
import yes from 'yes-https';
import express from 'express';let app = express();
// Use the yes-https connect middleware. Note - this will only work if NODE_ENV is set to production.
app.use(yes());app.get('/', (req, res) => {
res.end('Thanks for checking it out!');
});const server = app.listen(process.env.PORT || 3000, () => {
console.log('App listening on port %s', server.address().port);
console.log('Press Ctrl+C to quit.');
});
```You can also set a few settings with the middleware to control the header:
```js
app.use(yes({
maxAge: 86400, // defaults `86400`
includeSubdomains: true, // defaults `true`
preload: true // defaults `true`
}));
```### Ignoring specific requests
In some cases, you may want to ignore a request and not force the redirect. You can use the `ignoreFilter` option to opt out of redirects on a case by case basis. This is useful if you want to ignore a specific route:
```js
app.use(yes({
ignoreFilter: (req) => {
return (req.url.indexOf('/_ah/health') > -1);
}
}));
```## Contributing
Pull requests welcomed!