Question

I have a Node.js application and I want to be able to detect whether a request is being made over HTTPS or HTTP. So far my redirection looks like this:

// Ensure the page is secure, or that we are running a development build
if (req.headers['x-forwarded-proto'] === 'https' || process.env.NODE_ENV === 'development') {
    res.render('index');
} else {
    winston.info('Request for login page made over HTTP, redirecting to HTTPS');
    res.redirect('https://' + req.host);
}

Which works fine on Nodejitsu, but a redirected HTTPS request doesn't have the 'x-forwarded-proto' header set on Azure. How to detect HTTPS redirection on Azure Websites?

Answer 1

It's looking like you can make use of the "x-arr-ssl" header. Azure and Nodejitsu both use proxies to redirect the HTTPS traffic to the HTTP server. So, X-ARR-SSL seems to be the header to check for:

// Ensure the page is secure, or that we are running a development build
if (req.headers['x-forwarded-proto'] === 'https' || req.headers['x-arr-ssl'] || process.env.NODE_ENV === 'development') {
    res.render('index');
} else {
    winston.info('Request for login page made over HTTP, redirecting to HTTPS');
    res.redirect('https://' + req.host);
}