Heroku http to https forwarding issue

Question

Using Node/Express in a Heroku hosted app. I have an http to https forwarding function, which had worked but no longer.

I had forwarding working with the following from my app.configure('production'...:

app.configure('production', function() {
return app.use(function(req, res, next) {
    if (req.header('x-forwarded-proto') !== 'https') {
        return res.redirect("https://" + (req.header('host')) + req.url);
    } else {
        return next();
    }
});

It worked, I was satisfied and moved on to implement Redis-to-go instead of MemoryStorage and then to implement csrf middleware. Both of those features are working but now I'm finding that I can access my app through http://... whereas before that would have been caught and auto-forwarded to the https://... and the friendly green padlock.

Any idea what could have gone sour in the interim?

score 0 · Accepted Answer · answered Aug 19 '13 at 14:09

0

Self-answer:

Somewhere during the csrf implementation process, I made the following change to my app.configure section:

app.use(app.router);

I'd read this usage in the csrf demonstrations. But I don't know if it's necessary. Csrf middleware functionality seems un-affected when I commented that line out, and the Heroku redirect works as before.

answered Aug 19 '13 at 14:09

Wylie Kulik

696
5
17

Not really sure how app.router interferes with express.req but that's my best guess as to what happened. – Wylie Kulik Aug 19 '13 at 14:24
http://stackoverflow.com/questions/12695591/node-js-express-js-how-does-app-router-work – Wylie Kulik Aug 21 '13 at 19:44

Heroku http to https forwarding issue

1 Answers1