Centralize x-forwarded-proto handling; fixes #542

This commit is contained in:
calzoneman 2015-12-12 16:25:59 -08:00
parent 1f9e396e05
commit 27af66075e
3 changed files with 13 additions and 9 deletions

View File

@ -29,14 +29,7 @@ function merge(locals, res) {
function getBaseUrl(res) {
var req = res.req;
var proto;
if (["http", "https"].indexOf(req.header("x-forwarded-proto")) >= 0) {
proto = req.header("x-forwarded-proto");
} else {
proto = req.protocol;
}
return proto + "://" + req.header("host");
return req.realProtocol + "://" + req.header("host");
}
/**

View File

@ -22,9 +22,19 @@ export default function initialize(app, webConfig) {
return req.ip;
}
function getForwardedProto(req) {
const xForwardedProto = req.header('x-forwarded-proto');
if (xForwardedProto && xForwardedProto.match(/^https?$/)) {
return xForwardedProto;
} else {
return req.protocol;
}
}
app.use((req, res, next) => {
if (isTrustedProxy(req.ip)) {
req.realIP = getForwardedIP(req);
req.realProtocol = getForwardedProto(req);
}
next();

View File

@ -31,7 +31,8 @@ function initializeLog(app) {
* Redirects a request to HTTPS if the server supports it
*/
function redirectHttps(req, res) {
if (!req.secure && Config.get('https.enabled') && Config.get('https.redirect')) {
if (req.realProtocol !== 'https' && Config.get('https.enabled') &&
Config.get('https.redirect')) {
var ssldomain = Config.get('https.full-address');
if (ssldomain.indexOf(req.hostname) < 0) {
return false;