I have read that:
Disable HTTP access to the domain, don’t even redirect or link it to SSL.This is the best practice against MITM and phising attacks.
so how can I access only https request not redirect http to https
disable http access
Asked
Active
Viewed 94 times
0
Abdelfattah M. Abdelrahmen
- 44
- 1
- 3
-
3Weird advice, an http to https redirect is perfectly fine as long as it's a true redirect. That said: you can always use the native `https` module's `createServer` function with your `app` instead of using express' own `app.listen`. See posts like https://stackoverflow.com/questions/11744975/enabling-https-on-express-js for more information. – Mike 'Pomax' Kamermans Mar 02 '23 at 00:27
-
I'd suggest you not listen to this advice. Its the equivalent of "The safest way to drive is to: not drive." Set up https redirects, if you dont want the burden of doing that yourself cloudflare offers free http rewrites along with a multitude of other ssl/tls options. – Finbar Mar 02 '23 at 00:34