Express.js强制HTTPS/SSL重定向错误:重定向太多
问题描述:
所以堆栈如下:Express & Angular部署到Heroku。我正试图通过使用下面突出显示的代码进行简单重定向来强制通过HTTPS为应用提供服务。但是,当我在浏览器中打开URL时,出现“重定向太多”的错误。Express.js强制HTTPS/SSL重定向错误:重定向太多
当我输入http://[myurl].com时,我可以在浏览器中看到更改为https://[myurl].com的URL,但没有在该地址显示。它只是显示'太多重定向'。这证明它成功地重定向了,但我觉得Angular会搞砸它。
当我删除下面的重定向代码并在浏览器中手动访问HTTPS或HTTP地址时,它工作正常。
//HTTPS redirect middleware
function ensureSecure(req, res, next) {
console.log(req.protocol + process.env.PORT + '' + req.hostname + req.url);
if(req.secure || req.hostname=='localhost'){
//Secure request, continue to next middleware
next();
}else{
res.redirect('https://' + req.hostname + req.url);
console.log(req.protocol + process.env.PORT + '' + req.hostname + req.url);
}
}
//Parse the body of the request as a JSON object, part of the middleware stack (https://www.npmjs.com/package/body-parser#bodyparserjsonoptions)
app.use(bodyParser.json());
//Serve static Angular JS assets from distribution, part of the middleware stack, but only through HTTPS
app.all('*', ensureSecure);
app.use('/', express.static('dist'));
//Import routes
app.use('/api', [router_getToken, router_invokeBhApi]);
//Setup port for access
app.listen(process.env.PORT || 3000, function() {
console.log(`The server is running on port ${process.env.PORT || 3000}!`);
});
这是Heroku的日志的样本,当您访问http://[myurl].com(我屏蔽的网址):
2016-11-29T21:50:34.363391+00:00 app[web.1]: 0|app | http37436[something].com/
2016-11-29T21:50:34.363468+00:00 app[web.1]: 0|app | http37436[something].com/
2016-11-29T21:50:34.402022+00:00 app[web.1]: 0|app | http37436[something].com/
2016-11-29T21:50:34.402091+00:00 app[web.1]: 0|app | http37436[something].com/
2016-11-29T21:50:34.436006+00:00 app[web.1]: 0|app | http37436[something].com/
2016-11-29T21:50:34.437454+00:00 app[web.1]: 0|app | http37436[something].com/
2016-11-29T21:50:34.479580+00:00 app[web.1]: 0|app | http37436[something].com/
的浏览器(Chrome最新)显示在网络选项卡上&这些请求在&一遍又一遍:
'请求URL:https://[myurl].com/
请求方法:GET
状态代码:302找到'
注意Heroku(express.js代码中的console.log)如何显示我正在发出HTTP请求,但我的浏览器正在说我正在发出HTTPS请求。如此迷茫!
编辑: 我想这也
//HTTPS redirect middleware
function ensureSecure(req, res, next) {
console.log(req.protocol + process.env.PORT + '' + req.hostname + req.url);
if (req.secure || req.hostname == 'localhost') {
//Serve Angular App
express.static('dist');
} else {
//res.redirect('https://' + req.hostname + ':' + process.env.PORT + req.url);
res.redirect('https://[myurl].com/');
}
}
//Parse the body of the request as a JSON object, part of the middleware stack (https://www.npmjs.com/package/body-parser#bodyparserjsonoptions)
app.use(bodyParser.json());
//Serve static Angular JS assets from distribution, part of the middleware stack, but only through HTTPS
app.use('/', ensureSecure);
//Import routes
app.use('/api', [router_getToken, router_invokeBhApi]);
//Setup port for access
app.listen(process.env.PORT || 3000, function() {
console.log(`The server is running on port ${process.env.PORT || 3000}!`);
});
答
找到了解决办法!
上下文:Heroku将原始协议存储在名为“X-Forwarded-Proto”的标头变量中。 HTTP Routing in Heroku您需要检查这个变量,而不是绑定到Express中'req'对象的协议变量。 (也就是说,不检查req.protocol,检查req.get( 'X - 转发,原')代替)
代码:
//HTTPS redirect middleware
function ensureSecure(req, res, next) {
//Heroku stores the origin protocol in a header variable. The app itself is isolated within the dyno and all request objects have an HTTP protocol.
if (req.get('X-Forwarded-Proto')=='https' || req.hostname == 'localhost') {
//Serve Angular App by passing control to the next middleware
next();
} else if(req.get('X-Forwarded-Proto')!='https' && req.get('X-Forwarded-Port')!='443'){
//Redirect if not HTTP with original request URL
res.redirect('https://' + req.hostname + req.url);
}
}
为我工作呢!谢谢! –