Fixes #509. Checks for encrypted or forwarded connection before redir…

…ecting (#510)
choojs · Sep 6, 2018 · 2860559 · 2860559
1 parent 9104696
commit 2860559
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/lib/http-server.js b/lib/http-server.js
@@ -90,9 +90,14 @@ function createDevServer (connectionHandler) {
     var location = 'https://' + host + req.url
     var agent = req.headers['user-agent']
 
+    // We don't want to force an HTTPS connection if we are already
+    // encrypted or we are being forwarded through a proxy that may be
+    // taking care of it.
+    var encrypted = req.headers['x-forwarded-proto'] || req.connection.encrypted
+
     // We want to force HTTPS connections, but using curl(1) or wget(1) from
     // the command line can be convenient to quickly check output.
-    if (/^(curl|wget)/i.test(agent)) {
+    if (/^(curl|wget)/i.test(agent) || encrypted) {
       return connectionHandler(req, res)
     } else {
       res.writeHead(301, { location: location })