mirror of
https://github.com/node-red/node-red.git
synced 2023-10-10 13:36:53 +02:00
Add setting to cause insecure redirect (#1054)
* add support for editor insecure redirect setting set insecureRedirect: true to cause the editor app to redirect insecure connections * document insecureRedirect * use req.originalUrl instead of req.url url has the path removed, whereas originalUrl preserves the path - ie /red
This commit is contained in:
parent
44a0f1b505
commit
6e9e694f66
@ -87,6 +87,16 @@ function init(_server,_runtime) {
|
|||||||
if (!settings.disableEditor) {
|
if (!settings.disableEditor) {
|
||||||
ui.init(runtime);
|
ui.init(runtime);
|
||||||
var editorApp = express();
|
var editorApp = express();
|
||||||
|
if (settings.insecureRedirect) {
|
||||||
|
editorApp.enable('trust proxy');
|
||||||
|
editorApp.use(function (req, res, next) {
|
||||||
|
if (req.secure) {
|
||||||
|
next();
|
||||||
|
} else {
|
||||||
|
res.redirect('https://' + req.headers.host + req.originalUrl);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
editorApp.get("/",ensureRuntimeStarted,ui.ensureSlash,ui.editor);
|
editorApp.get("/",ensureRuntimeStarted,ui.ensureSlash,ui.editor);
|
||||||
editorApp.get("/icons/:icon",ui.icon);
|
editorApp.get("/icons/:icon",ui.icon);
|
||||||
theme.init(runtime);
|
theme.init(runtime);
|
||||||
|
@ -129,6 +129,10 @@ module.exports = {
|
|||||||
// cert: fs.readFileSync('certificate.pem')
|
// cert: fs.readFileSync('certificate.pem')
|
||||||
//},
|
//},
|
||||||
|
|
||||||
|
// The following property can be used to cause insecure HTTP connections to be redirected
|
||||||
|
// to HTTPS.
|
||||||
|
//insecureRedirect: false
|
||||||
|
|
||||||
// The following property can be used to disable the editor. The admin API
|
// The following property can be used to disable the editor. The admin API
|
||||||
// is not affected by this option. To disable both the editor and the admin
|
// is not affected by this option. To disable both the editor and the admin
|
||||||
// API, use either the httpRoot or httpAdminRoot properties
|
// API, use either the httpRoot or httpAdminRoot properties
|
||||||
|
Loading…
Reference in New Issue
Block a user