As per the title, I have a Node.js application and I want to be able to detect whether a request is being made over HTTPS or HTTP. So far my redirection looks like this:
// Ensure the page is secure, or that we are running a development build
if (req.headers['x-forwarded-proto'] === 'https' || process.env.NODE_ENV === 'development') {
res.render('index');
} else {
winston.info('Request for login page made over HTTP, redirecting to HTTPS');
res.redirect('https://' + req.host);
}
Which works fine on Nodejitsu, but a redirected HTTPS request doesn't have the 'x-forwarded-proto' header set on Azure.
I think I was correct in my comment:
X-ARR-SSL seems to be the header to check for.
// Ensure the page is secure, or that we are running a development build
if (req.headers['x-forwarded-proto'] === 'https' || req.headers['x-arr-ssl'] || process.env.NODE_ENV === 'development') {
res.render('index');
} else {
winston.info('Request for login page made over HTTP, redirecting to HTTPS');
res.redirect('https://' + req.host);
}
Ran into the exact same issue, but solved it in a different way. If you're using Express and enable trust proxy then req.protocol will pick up the x-forwarded-proto header. Azure doesn't set the x-forwarded-proto header, but you can use the x-arr-ssl header to hack it in manually so that req.protocol will return the correct value in the rest of your app.
Here's a gist: https://gist.github.com/freshlogic/6348417
var express = require('express');
var app = express();
app.enable('trust proxy');
// HACK: Azure doesn't support X-Forwarded-Proto so we add it manually
app.use(function(req, res, next) {
if(req.headers['x-arr-ssl'] && !req.headers['x-forwarded-proto']) {
req.headers['x-forwarded-proto'] = 'https';
}
return next();
});