1
0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Add setting to cause insecure redirect (#1054)

* add support for editor insecure redirect setting

set insecureRedirect: true to cause the editor app to redirect insecure connections

* document insecureRedirect

* use req.originalUrl instead of req.url

url has the path removed, whereas originalUrl preserves the path - ie /red
This commit is contained in:
Paul Slater 2016-11-16 14:17:47 +00:00 committed by Nick O'Leary
parent 44a0f1b505
commit 6e9e694f66
2 changed files with 14 additions and 0 deletions

View File

@ -87,6 +87,16 @@ function init(_server,_runtime) {
if (!settings.disableEditor) { if (!settings.disableEditor) {
ui.init(runtime); ui.init(runtime);
var editorApp = express(); var editorApp = express();
if (settings.insecureRedirect) {
editorApp.enable('trust proxy');
editorApp.use(function (req, res, next) {
if (req.secure) {
next();
} else {
res.redirect('https://' + req.headers.host + req.originalUrl);
}
});
}
editorApp.get("/",ensureRuntimeStarted,ui.ensureSlash,ui.editor); editorApp.get("/",ensureRuntimeStarted,ui.ensureSlash,ui.editor);
editorApp.get("/icons/:icon",ui.icon); editorApp.get("/icons/:icon",ui.icon);
theme.init(runtime); theme.init(runtime);

View File

@ -129,6 +129,10 @@ module.exports = {
// cert: fs.readFileSync('certificate.pem') // cert: fs.readFileSync('certificate.pem')
//}, //},
// The following property can be used to cause insecure HTTP connections to be redirected
// to HTTPS.
//insecureRedirect: false
// The following property can be used to disable the editor. The admin API // The following property can be used to disable the editor. The admin API
// is not affected by this option. To disable both the editor and the admin // is not affected by this option. To disable both the editor and the admin
// API, use either the httpRoot or httpAdminRoot properties // API, use either the httpRoot or httpAdminRoot properties