Use req.hostname instead of req.headers.host #23

Open
dchekanov opened this issue Feb 21, 2018 · 1 comment

Comments

@dchekanov

The balancing proxy at the hosting platform we use includes port 80 in req.headers.host (domain.com:80). When this module redirects a request, the redirect url looks like https://domain:80. Browsers seem to auto-fix it, but some other tools actually try to make a secure connection on port 80, and they fail.

I believe req.hostname should be used instead of req.headers.host when generating the redirect url. The trustProtoHeader setting won't be necessary then - app.set('trust proxy', true); would control the behavior.

I know the project doesn't get many updates, so this is mostly a warning for people to be aware of a potential issue.
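
The port leak described in this issue, next to a port-stripping alternative, as an added example (not code from this module or from Express). The function names and sample requests are constructed; Express's own `req.hostname` additionally honours the `trust proxy` setting, which is not modelled here.

```javascript
// Constructed example; function names are hypothetical, not from the module.

// Behaviour the issue describes: the Host header is reused verbatim,
// so a proxy-supplied ":80" ends up inside the https:// URL.
function redirectFromHostHeader(req) {
  return 'https://' + req.headers.host + req.url;
}

// Strip the port from a Host header value, keeping bracketed IPv6 literals.
// Returns null when the value is not a plain hostname or IP literal.
function hostnameOnly(hostHeader) {
  if (typeof hostHeader !== 'string' || hostHeader.length === 0) return null;
  let name;
  if (hostHeader[0] === '[') {
    const end = hostHeader.indexOf(']');
    if (end === -1) return null;
    const rest = hostHeader.slice(end + 1);          // "" or ":port"
    if (rest !== '' && !/^:\d{1,5}$/.test(rest)) return null;
    name = hostHeader.slice(0, end + 1);
    if (!/^\[[0-9a-fA-F:.]+\]$/.test(name)) return null;
  } else {
    const m = /^([A-Za-z0-9.-]+)(?::(\d{1,5}))?$/.exec(hostHeader);
    if (!m) return null;
    name = m[1];
  }
  return name.toLowerCase();
}

// Redirect target built from the hostname only, so it uses the default HTTPS port.
function redirectFromHostname(req) {
  const name = hostnameOnly(req.headers.host);
  if (name === null) return null; // caller should answer 400 instead of redirecting
  return 'https://' + name + req.url;
}

// Constructed requests shaped like the ones the issue describes.
const samples = [
  { headers: { host: 'domain.com:80' }, url: '/login?next=%2F' },
  { headers: { host: 'domain.com' }, url: '/' },
  { headers: { host: '[2001:db8::1]:80' }, url: '/' },
  { headers: { host: 'domain.com:abc' }, url: '/' }, // malformed port
];
for (const req of samples) {
  console.log(req.headers.host, '=>',
    redirectFromHostHeader(req), '|', redirectFromHostname(req));
}
```

A `null` result means the Host value could not be parsed, and the request is better rejected than redirected.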

@raycharius

You could check out https://github.com/raycharius/clean-redirect

Does enforce HTTPS and other redirects (like www <==> naked) in one redirect, and is currently maintained
