Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tcort/require-https

express middleware to require requests to be secure
https://github.com/tcort/require-https

express https middleware ssl tls

Last synced: about 1 month ago
JSON representation

express middleware to require requests to be secure

Host: GitHub
URL: https://github.com/tcort/require-https
Owner: tcort
License: isc
Created: 2015-10-26T23:53:28.000Z (about 9 years ago)
Default Branch: master
Last Pushed: 2022-12-10T16:19:34.000Z (almost 2 years ago)
Last Synced: 2024-10-04T13:48:20.340Z (about 1 month ago)
Topics: express, https, middleware, ssl, tls
Language: JavaScript
Size: 147 KB
Stars: 1
Watchers: 2
Forks: 0
Open Issues: 4
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md

Awesome Lists containing this project

README

        # require-https

[express](http://expressjs.com/) middleware to require requests to be secure.

Unlike other similar middleware, this function does not perform redirects or attempt

to deal with insecure requests. Instead, this module fails fast and fails hard by

returning an error immediately when an insecure connection is detected.

## Installation

    npm install --save require-https

## API

### requireHttps(status, message)

Parameters:

* `status` - optional HTTP status code to include in the error when an insecure connection is detected. Defaults to `403 Forbidden`.

* `message` - optional error message to include in the error when an insecure connection is detected. Defaults to `Insecure Connection. Use HTTPS instead.`.

Returns:

* standard express middleware function.

  * middleware function accepts `(req, res, next)`

  * middleware function calls `next()` when a secure connection is detected and `next(err)` when an insecure connection is detected.

## Example

HTTPS Everywhere:

```

"use strict";

var requireHttps = require('require-https');

var express = require('express');

var app = express();

app.enable('trust proxy');

app.use(requireHttps());

app.get('/', function (req, res) {

    res.send('Hello, World!');

});

app.listen(3000);

```

HTTPS for specific routes with custom error message:

```

"use strict";

var requireHttps = require('require-https');

var express = require('express');

var app = express();

app.enable('trust proxy');

app.get('/', function (req, res) {

    res.send('Hello, World!');

});

app.get('/sensitive', requireHttps(403, 'HTTPS is required to view top secret info.'), function (req, res) {

    res.send('Top Secret!');

});

app.listen(3000);

```

## Tips

If behind a reverse proxy server such as [nginx](http://nginx.org/en/),

the `trust proxy` option must be set. See [Express behind proxies](http://expressjs.com/guide/behind-proxies.html)

for more details.

    app.enable('trust proxy');

## License

See [LICENSE.md](https://github.com/tcort/require-https/blob/master/LICENSE.md)