{"library":"redirect-https","title":"HTTP to HTTPS Redirect Middleware","description":"redirect-https is a Node.js middleware designed for securing web applications by forcing HTTP traffic to HTTPS. It primarily functions by issuing a 301 (Moved Permanently) redirect for browsers while opting for an HTML meta refresh redirect for non-browser clients like APIs, bots, and `curl` requests. This deliberate choice aims to make developers aware of insecure HTTP usage, preventing silent failures often associated with direct 301s for programmatic access. The package is currently at version 1.3.1 and is a mature, stable utility with an infrequent release cadence, focusing on its core secure-by-default philosophy rather than extensive configurability. It is compatible with Express.js and standard Node.js `http` servers, offering options for custom body messages, proxy trust configuration, and specific path matching for advanced scenarios. Its key differentiator is the \"secure-by-default\" meta redirect strategy to surface security issues to developers.","language":"javascript","status":"maintenance","last_verified":"Thu Apr 23","install":{"commands":["npm install redirect-https"],"cli":null},"imports":["const redirector = require('redirect-https')({ /* options */ });","const createRedirectMiddleware = require('redirect-https');\nconst redirector = createRedirectMiddleware({ port: 443 });","app.use('/', require('redirect-https')({ trustProxy: true }));"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"\"use strict\";\n\nvar http = require(\"http\");\nvar server = http.createServer();\nvar securePort = process.argv[2] || 8443;\nvar insecurePort = process.argv[3] || 8080;\n\nvar redirector = require(\"redirect-https\")({\n    port: securePort,\n    body: \"<!-- Hello! Please use HTTPS instead: {{ URL }} -->\",\n    trustProxy: true // default is false\n});\n\nserver.on(\"request\", redirector);\n\nserver.listen(insecurePort, function () {\n    console.log(\n        \"Listening on http://localhost.rootprojects.org:\" +\n            server.address().port\n    );\n});","lang":"javascript","description":"This example demonstrates how to set up `redirect-https` with a standard Node.js HTTP server, forcing redirects from an insecure port to a secure one, and configuring `trustProxy` for reverse proxy setups.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}