Add setting to cause insecure redirect (#1054)

* add support for editor insecure redirect setting set insecureRedirect: true to cause the editor app to redirect insecure connections * document insecureRedirect * use req.originalUrl instead of req.url url has the path removed, whereas originalUrl preserves the path - ie /red
2025-03-01 10:36:34 +00:00 · 2016-11-16 14:17:47 +00:00
parent 44a0f1b505
commit 6e9e694f66
2 changed files with 14 additions and 0 deletions
--- a/red/api/index.js
+++ b/red/api/index.js
@@ -87,6 +87,16 @@ function init(_server,_runtime) {
        if (!settings.disableEditor) {
            ui.init(runtime);
            var editorApp = express();
+            if (settings.insecureRedirect) {
+                editorApp.enable('trust proxy');
+                editorApp.use(function (req, res, next) {
+                    if (req.secure) {
+                        next();
+                    } else {
+                        res.redirect('https://' + req.headers.host + req.originalUrl);
+                    }
+                });
+            }
            editorApp.get("/",ensureRuntimeStarted,ui.ensureSlash,ui.editor);
            editorApp.get("/icons/:icon",ui.icon);
            theme.init(runtime);
--- a/settings.js
+++ b/settings.js
@@ -129,6 +129,10 @@ module.exports = {
    //    cert: fs.readFileSync('certificate.pem')
    //},

+    // The following property can be used to cause insecure HTTP connections to be redirected
+    // to HTTPS.
+    //insecureRedirect: false
+
    // The following property can be used to disable the editor. The admin API
    // is not affected by this option. To disable both the editor and the admin
    // API, use either the httpRoot or httpAdminRoot properties