From e30adbaac2593d6434156d8c66897eb283f3eea3 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Wed, 16 Sep 2020 00:13:12 -0700
Subject: [PATCH] fix: Flip production/development NODE_ENV logic closes #1548

---
 .env.sample   |  2 +-
 server/app.js | 30 +++++++++++++++---------------
 2 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/.env.sample b/.env.sample
index da9204d2..99a5c81d 100644
--- a/.env.sample
+++ b/.env.sample
@@ -14,7 +14,7 @@ URL=http://localhost:3000
 PORT=3000
 
 # enforce (auto redirect to) https in production, (optional) default is true.
-# set to false if  your SSL is terminated at a loadbalancer, for example
+# set to false if your SSL is terminated at a loadbalancer, for example
 FORCE_HTTPS=true
 
 ENABLE_UPDATES=true
diff --git a/server/app.js b/server/app.js
index f207ec39..72ffee97 100644
--- a/server/app.js
+++ b/server/app.js
@@ -23,7 +23,21 @@ const app = new Koa();
 
 app.use(compress());
 
-if (process.env.NODE_ENV === "development") {
+if (process.env.NODE_ENV === "production") {
+  // Force redirect to HTTPS protocol unless explicitly disabled
+  if (process.env.FORCE_HTTPS !== "false") {
+    app.use(
+      enforceHttps({
+        trustProtoHeader: true,
+      })
+    );
+  } else {
+    console.warn("Enforced https was disabled with FORCE_HTTPS env variable");
+  }
+
+  // trust header fields set by our proxy. eg X-Forwarded-For
+  app.proxy = true;
+} else {
   /* eslint-disable global-require */
   const convert = require("koa-convert");
   const webpack = require("webpack");
@@ -72,20 +86,6 @@ if (process.env.NODE_ENV === "development") {
   app.use(logger());
 
   app.use(mount("/emails", emails));
-} else if (process.env.NODE_ENV === "production") {
-  // Force redirect to HTTPS protocol unless explicitly disabled
-  if (process.env.FORCE_HTTPS !== "false") {
-    app.use(
-      enforceHttps({
-        trustProtoHeader: true,
-      })
-    );
-  } else {
-    console.warn("Enforced https was disabled with FORCE_HTTPS env variable");
-  }
-
-  // trust header fields set by our proxy. eg X-Forwarded-For
-  app.proxy = true;
 }
 
 // catch errors in one place, automatically set status and response headers