如何检查请求是否通过 Express 中的 https 发送
我想强制某些路线始终在我的 Express 应用程序中使用安全连接。我如何检查以确保它使用 https?
我在 heroku 上使用搭载 ssl 进行部署。
I want force certain routes to always use a secure connection in my express app. How can I check to make sure it is using https?
I am using piggyback ssl on heroku for my deployments.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我也在 Heroku 上部署。当他们使用 nginx 进行反向代理时,他们添加了一堆标头。在这种情况下,我们感兴趣的是 x-forwarded-proto。
这就是我所做的:
I deploy on Heroku as well. They add a bunch of their headers when they use nginx to reverse proxy. The one of interest in this case would be x-forwarded-proto.
This is what I did:
app.enable('信任代理');
“在 Varnish 或 Nginx 等反向代理后面使用 Express 很简单,但它确实需要配置。通过 app.enable('trust proxy') 启用“信任代理”设置,Express 将知道它位于代理后面并且 X-Forwarded-* 标头字段可能是可信的,否则可能很容易被欺骗。”
Express 背后的代理 doco
app.enable('trust proxy');
"Using Express behind a reverse proxy such as Varnish or Nginx is trivial, however it does require configuration. By enabling the "trust proxy" setting via app.enable('trust proxy'), Express will have knowledge that it's sitting behind a proxy and that the X-Forwarded-* header fields may be trusted, which otherwise may be easily spoofed."
Express behind proxies doco
为了运行安全服务器 (https),必须独立于非安全服务器 (http) 创建它。他们还会监听不同的端口。尝试这样的操作:
或者这可以作为路由中间件实现
现在您只需在要重定向到安全位置的路径上包含函数引用:redirect_secure() 即可。
In order to run a secure server (https) it would have to be created independently from a non-secure server (http). They would also listen on separate ports. Try something like this:
OR this could be implemented as route middleware
Now you would only have to include the function reference: redirect_secure() on the paths that you would like redirected to a secure location.