How to check whether a request was sent over https in Express

Posted on 2024-12-16 13:33:47

I want to force certain routes to always use a secure connection in my Express app. How can I check to make sure it is using https?

I am using piggyback SSL on Heroku for my deployments.

Comments (3)

陌上青苔 2024-12-23 13:33:47

I deploy on Heroku as well. They add a bunch of their headers when they use nginx to reverse proxy. The one of interest in this case would be x-forwarded-proto.

This is what I did:

app.get(/\/register$/, function(req, res){
  console.log(JSON.stringify(req.headers)); //to see all headers that heroku adds
  if(req.headers['x-forwarded-proto'] && req.headers['x-forwarded-proto'] === "http") {
    res.redirect("https://" + req.headers.host + req.url);
  }
  else {
    //the rest of your logic to handle this route
  }
});

她如夕阳 2024-12-23 13:33:47

app.enable('trust proxy');

"Using Express behind a reverse proxy such as Varnish or Nginx is trivial, however it does require configuration. By enabling the "trust proxy" setting via app.enable('trust proxy'), Express will have knowledge that it's sitting behind a proxy and that the X-Forwarded-* header fields may be trusted, which otherwise may be easily spoofed."

Express behind proxies doco
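
One way to combine the two answers above, as an added example (not code from any of the posters): a middleware that relies on `req.secure`, which Express derives from `X-Forwarded-Proto` only when `trust proxy` is enabled, and that redirects to a configured host instead of echoing the Host header. `isSecure` is a simplified model of that Express behaviour, and `www.example.com`, `requireHttps`, `simulate` and the stub objects are constructed for illustration.

```javascript
'use strict';

// Simplified model (an assumption, not Express source) of how req.secure is
// decided: X-Forwarded-Proto is honoured only when 'trust proxy' is enabled.
function isSecure(encrypted, headers, trustProxy) {
  const direct = encrypted ? 'https' : 'http';
  if (!trustProxy) return direct === 'https'; // header is client-controlled
  const proto = String(headers['x-forwarded-proto'] || direct);
  return proto.split(',')[0].trim() === 'https';
}

// Express-style middleware. canonicalHost comes from configuration, so the
// redirect target never depends on the client-supplied Host header.
function requireHttps(canonicalHost) {
  return function (req, res, next) {
    if (req.secure) return next();
    if (req.method !== 'GET' && req.method !== 'HEAD') {
      // The body already travelled in clear text: refuse instead of redirecting.
      res.statusCode = 403;
      return res.end('HTTPS required');
    }
    // Append only origin-form targets ("/path") to the fixed host.
    const target = String(req.originalUrl || req.url);
    res.statusCode = 301;
    res.setHeader('Location', 'https://' + canonicalHost + (target.startsWith('/') ? target : '/'));
    res.end();
  };
}

// Constructed request/response stubs so the example runs without Express.
function simulate({ encrypted = false, headers = {}, trustProxy = false, method = 'GET', url = '/register' }) {
  const secure = isSecure(encrypted, headers, trustProxy);
  const req = { method, url, originalUrl: url, headers, secure };
  const out = { status: 200, location: null, reachedRoute: false };
  const res = {
    set statusCode(code) { out.status = code; },
    setHeader(name, value) { if (name === 'Location') out.location = value; },
    end() {},
  };
  requireHttps('www.example.com')(req, res, () => { out.reachedRoute = true; });
  return out;
}

// Behind a trusted proxy the header decides; on a direct plain-HTTP
// connection without 'trust proxy' a spoofed header is ignored.
console.log(simulate({ headers: { 'x-forwarded-proto': 'https' }, trustProxy: true }));
console.log(simulate({ headers: { 'x-forwarded-proto': 'https' }, trustProxy: false }));
```

In a real app, call `app.enable('trust proxy')` as quoted above and mount the middleware on the routes that must be secure.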

花想c 2024-12-23 13:33:47

In order to run a secure server (https) it would have to be created independently from a non-secure server (http). They would also listen on separate ports. Try something like this:

var express = require('express')
  , app_insecure = express.createServer()
  , app_secure = express.createServer({ key: 'mysecurekey' })

app_insecure.get('/secure-page',function(req, res){
  // This is an insecure page, redirect to secure
  res.redirect('https://www.mysecuresite.com/secure-page')
})

app_secure.get('/secure-page', function(req,res){
 // Now we're on a secure page
})

app_insecure.listen(80)
app_secure.listen(443)

OR this could be implemented as route middleware

var redirect_secure = function(req, res, next){
  res.redirect('https://mysite.com' + req.url)
}

app_insecure.get('/secure-page',redirect_secure,function(req, res){})

Now you would only have to include the function reference: redirect_secure() on the paths that you would like redirected to a secure location.
