Enforce SSL for Express apps
express-ssl enforces SSL for Express apps.
Simply require and use the function exported by this module:
var ssl = require('express-ssl');
var app = require('express')();
app.use(ssl());
The function requires an optional object of options:
disabled
: (default false
) If true
, this middleware will allow alltrustProxy
: (default false
) If true
, trust the x-forwarded-proto
disallow
: A function called with the request and response so that the userBy default, this middleware will only run when process.env.NODE_ENV
is set to
"production". Unless a disallow
function is supplied it will respond with the
status code 403 and the body "Please use HTTPS when communicating with this
server."
While I created and maintain this project, it was done while I was an employee of Heroku on the Human Interfaces Team, and they were kind enough to allow me to open source the work. Heroku is awesome.