chore: add env parameter for enforce https (#1042)

* env parameter for enforce https * Update app.js fix format for multi-line condition * Update app.js fix code format * Update app.js
2019-09-19 15:26:27 +09:00 · 2019-09-19 15:26:27 +09:00 · 3292d95d8b
parent 18658e354a
commit 3292d95d8b
2 changed files with 12 additions and 6 deletions
--- a/.env.sample
+++ b/.env.sample
@ -11,6 +11,8 @@ REDIS_URL=redis://redis:6379

 URL=http://localhost:3000
 PORT=3000
+# enforce https in production mode (optional - default is true)
+# FORCE_HTTPS=true

 DEPLOYMENT=self
 ENABLE_UPDATES=true
--- a/server/app.js
+++ b/server/app.js
@ -75,12 +75,16 @@ if (process.env.NODE_ENV === 'development') {

  app.use(mount('/emails', emails));
 } else if (process.env.NODE_ENV === 'production') {
-  // Force HTTPS on all pages
-  app.use(
-    enforceHttps({
-      trustProtoHeader: true,
-    })
-  );
+  // Force redirect to HTTPS protocol unless explicitly disabled
+  if (process.env.FORCE_HTTPS !== 'false') {
+    app.use(
+      enforceHttps({
+        trustProtoHeader: true,
+      })
+    );
+  } else {
+    console.warn('Enforced https was disabled with FORCE_HTTPS env variable');
+  }

  // trust header fields set by our proxy. eg X-Forwarded-For
  app.proxy = true;