From e1b083cfac52920a849e16f22ce8e16905ca6e90 Mon Sep 17 00:00:00 2001 From: Gabriel Augendre Date: Thu, 21 Apr 2016 02:38:30 +0200 Subject: [PATCH] Enfore SSL in prod --- app.js | 6 ++++++ package.json | 1 + 2 files changed, 7 insertions(+) diff --git a/app.js b/app.js index 4cb22b7..c1123ac 100644 --- a/app.js +++ b/app.js @@ -11,10 +11,12 @@ var express = require('express'); // Express web server framework var request = require('request'); // "Request" library var querystring = require('querystring'); var cookieParser = require('cookie-parser'); +var enforce = require('express-sslify'); var client_id = process.env.CLIENT_ID; // Your client id var client_secret = process.env.CLIENT_SECRET; // Your client secret var redirect_uri = process.env.CALLBACK; // Your redirect uri +var environment = process.env.NODE_ENV; /** * Generates a random string containing numbers and letters @@ -35,6 +37,10 @@ var stateKey = 'spotify_auth_state'; var app = express(); +if (environment == 'prod' || environment == 'production') { + app.use(enforce.HTTPS({ trustProtoHeader: true })); +} + app.use(express.static(__dirname + '/public')) .use(cookieParser()); diff --git a/package.json b/package.json index 9494243..0feeea2 100644 --- a/package.json +++ b/package.json @@ -8,6 +8,7 @@ "cookie-parser": "1.3.2", "dotenv": "^2.0.0", "express": "~4.0.0", + "express-sslify": "^1.0.1", "querystring": "~0.2.0", "request": "~2.34.0", "throng": "^4.0.0"