force-httpsAn Express module. Redirect or block requests made over external plain HTTP.
Probably won't work if you are using non standard ports on the public facing domain/interface
API``` app.use(require('force-https')) ``
Make sure to put it before any other middleware, especiallyapp.router`!
GETrequests are redirected to their HTTPS equivalents All other verbs receive an
HTTP 409with an error message, as HTTP states that one shouldn't redirect non
ProxiesIf you're behind a reverse proxy or load balancer (e.g Heroku, AWS ELB, Nginx, PaaS), you'll have to tell Express to trust the headers the proxy adds by adding
app.enable('trust proxy'), otherwise this module will try to force the connection between the proxy and the express app to over https (which probably will not work).
Why did I write this?All the other modules either seemed to either: - ignore express's
trust proxysetting and duplicate that functionality internally, - redirect
PUTrequests, - seem to