1

As per the title, I have a Node.js application and I want to be able to detect whether a request is being made over HTTPS or HTTP. So far my redirection looks like this:

// Ensure the page is secure, or that we are running a development build
if (req.headers['x-forwarded-proto'] === 'https' || process.env.NODE_ENV === 'development') {
    res.render('index');
} else {
    winston.info('Request for login page made over HTTP, redirecting to HTTPS');
    res.redirect('https://' + req.host);
}

Which works fine on Nodejitsu, but a redirected HTTPS request doesn't have the 'x-forwarded-proto' header set on Azure.

4

3 に答える 3

6

私のコメントは正しかったと思います:

X-ARR-SSLチェックするヘッダーのようです。

// Ensure the page is secure, or that we are running a development build
if (req.headers['x-forwarded-proto'] === 'https' || req.headers['x-arr-ssl'] || process.env.NODE_ENV === 'development') {
    res.render('index');
} else {
    winston.info('Request for login page made over HTTP, redirecting to HTTPS');
    res.redirect('https://' + req.host);
}
于 2013-02-28T15:27:43.570 に答える
4

Ran into the exact same issue, but solved it in a different way. If you're using Express and enable trust proxy then req.protocol will pick up the x-forwarded-proto header. Azure doesn't set the x-forwarded-proto header, but you can use the x-arr-ssl header to hack it in manually so that req.protocol will return the correct value in the rest of your app.

Here's a gist: https://gist.github.com/freshlogic/6348417

var express = require('express');

var app = express();
app.enable('trust proxy');

// HACK: Azure doesn't support X-Forwarded-Proto so we add it manually
app.use(function(req, res, next) {
    if(req.headers['x-arr-ssl'] && !req.headers['x-forwarded-proto']) {
        req.headers['x-forwarded-proto'] = 'https';
    }

    return next();
});
于 2013-08-27T00:52:22.800 に答える
0

UPDATE-2021: This is a very old answer. For a long time there is an option on all app service plans that support Custom domains. Go to the Custom domains blade in the azure portal for the App Service and set the HTTPS only checkbox. This will redirect even before traffic hits the app service.

于 2021-07-24T14:23:19.057 に答える