0

I'm trying to serve HTTPS and listen to POST request and it doesn't respond to the request.

I'm using node 0.12.6 and express 4.13.3

I think that the routing should be set differently but Iā€™m not sure how.. 

var fs = require('fs');
var express = require('express');
var app = express();
var https = require('https');

var privateKey  = fs.readFileSync('my_key.key', 'utf8');
var certificate = fs.readFileSync('my_cert.crt', 'utf8');

https.createServer({key: privateKey, cert: certificate}).listen(3000);
app.post('/process', function(req, res) {
  res.send('processing...');
});
tzvika ofek
  • 53
  • 11

3 Answers3

1

You should listen on app, not https.

https isn't even required if you're using expressjs

var fs = require('fs');
var express = require('express');
var app = express();

var privateKey  = fs.readFileSync('my_key.key', 'utf8');
var certificate = fs.readFileSync('my_cert.crt', 'utf8');


app.post('/process', function(req, res) {
  // do something
}).listen(3000);
notgiorgi
  • 1,691
  • 12
  • 27
  • I got this error on firefox: Loading mixed (insecure) active content "http://localhost:3000/process" on a secure page Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:3000/process. (Reason: CORS request failed). ā€“ tzvika ofek Sep 16 '15 at 12:10
  • That should be a problem of AJAX request, are you using it? ā€“ notgiorgi Oct 23 '15 at 13:05
0

You are not passing your express app as an option to your https server after your credentials. So when this server is being hit with the post it doesn't know to use the express route to respond. The following code block is from This question and is the same way that I implement https and is pretty easy to read/follow.

var fs = require('fs');
var http = require('http');
var https = require('https');
var privateKey  = fs.readFileSync('sslcert/server.key', 'utf8');
var certificate = fs.readFileSync('sslcert/server.crt', 'utf8');

var credentials = {key: privateKey, cert: certificate};
var express = require('express');
var app = express();

// your express configuration here

var httpServer = http.createServer(app);
var httpsServer = https.createServer(credentials, app);

httpServer.listen(80);
httpsServer.listen(443);

Notice the app being passed as the second option in https.createServer(credentials, app); You can do away with the httpServer if you want but doing it this way also allows you to handle http requests in whatever way that you want. This is useful if the user uses http instead of https in their address. You can then use the http server to redirect them to the secure https route.

If you continue to have CORS issues, try adding 

app.all('*', function(req, res, next) { 
    res.header("Access-Control-Allow-Origin", "*"); 
    res.header("Access-Control-Allow-Headers", "X-Requested-With"); 
    res.header("Access-Control-Allow-Headers", "Content-Type"); 
    res.header("Access-Control-Allow-Methods", "DELETE, PUT, POST"); 
    next(); 
});

to your express configurations. This will allow cross domain requests to your server

Community
  • 1
  • 1
Danny H
  • 366
  • 2
  • 7
0

Thanks all,

the problem was on client actually. I got "connection refused" when doing xmlhttprequest to localhost. Altough it was the same server, when I used server name , problem solved.

As for CORS, i used CORS npm and 

app.use(cors());
tzvika ofek
  • 53
  • 11