aartiles
aartiles

Reputation: 1489

How to know if a request is http or https in node.js

I am using nodejs and expressjs. I wonder if there is something like request.headers.protocol in the clientRequest object. I would like to build the baseUrl for the web links. So if the request was done via https I would like to keep https in all links.

    var baseUrl = request.headers.protocol + request.headers.host;

Upvotes: 78

Views: 102789

Answers (9)

Spandan Joshi
Spandan Joshi

Reputation: 900

If you want to find the request protocol string: either http or (for TLS requests) https just use

 req.protocol

Express documentation: https://expressjs.com/en/4x/api.html#req.protocol

Upvotes: -1

Harsh
Harsh

Reputation: 69

If you want to know whether request is http or https then use this in your code:

req.headers.referer.split(':')[0];

This will return whether req is http or https.

Upvotes: 1

Nico
Nico

Reputation: 4436

This is what works for me:

getAPIHostAndPort = function(req, appendEndSlash) {
    return (req.connection && req.connection.encrypted ? 'https' : 'http') + '://' + req.headers.host + (appendEndSlash ? '/' : '');
}

Upvotes: 2

Linus Thiel
Linus Thiel

Reputation: 39261

Edit: For Express, it's safer and recommended to use req.secure (as @Andy recommends below). While it uses a similar implementation, it will be safe for future use and it also optionally supports the X-Forwarded-Proto header.

That being said, for your use case it would be quicker to use Express' req.protocol property, which is either http or https. Note, however, that for outgoing links, you can just refer to //example.com/path, and the browser will use the current protocol. (See also Can I change all my http:// links to just //?)

For node Request object without Express:

It's in req.connection.secure (boolean).

Edit: The API has changed, for Node 0.6.15+:

An HTTPS connection has req.connection.encrypted (an object with information about the SSL connection). An HTTP connection doesn't have req.connection.encrypted.

Also (from the docs):

With HTTPS support, use request.connection.verifyPeer() and request.connection.getPeerCertificate() to obtain the client's authentication details.

Upvotes: 111

tjklemz
tjklemz

Reputation: 1280

For pure NodeJS (this works locally and deployed, e.g. behind Nginx):

function getProtocol (req) {
    var proto = req.connection.encrypted ? 'https' : 'http';
    // only do this if you trust the proxy
    proto = req.headers['x-forwarded-proto'] || proto;
    return proto.split(/\s*,\s*/)[0];
}

Upvotes: 11

b4rtekb
b4rtekb

Reputation: 136

If you are using request module and for example want to know what protocol does some www use, you can use: response.request.uri.protocol

request(YOUR_TARGET, function(error, response, body){
    if (error){
        console.log(error);
    }
    else {
        console.log(response.request.uri.protocol); // will show HTTP or HTTPS
    }
});

If you need user protocol then use request.headers.referer.split(':')[0]; just like @Harsh gave you.

Upvotes: 1

pronebird
pronebird

Reputation: 12260

req.secure is a shorthand for req.protocol === 'https' should be what you looking for.

If you run your app behind proxy, enable 'trust proxy' so req.protocol reflects the protocol that's been used to communicate between client and proxy.

app.enable('trust proxy');

Upvotes: 57

user1910814
user1910814

Reputation: 45

This worked for me:

req.headers['x-forwarded-proto']

Hope this helped,

E

Upvotes: 2

Gerardo Lima
Gerardo Lima

Reputation: 6712

You don't need to specify the protocol in URL, thus you don't need to bother with this problem.

If you use <img src="//mysite.comm/images/image.jpg" /> the browser will use HTTP if the page is served in HTTP, and will use HTTPS if the page is served in HTTPS. See the @Jukka K. Korpela explanation in another thread.

Upvotes: 9

Related Questions