How to know if a request is http or https in node.js

Question

I am using nodejs and expressjs. I wonder if there is something like request.headers.protocol in the clientRequest object. I would like to build the baseUrl for the web links. So if the request was done via https I would like to keep https in all links.

    var baseUrl = request.headers.protocol + request.headers.host;

Answer 1

If you want to find the request protocol string: either http or (for TLS requests) https just use

 req.protocol

Express documentation: https://expressjs.com/en/4x/api.html#req.protocol

Answer 2

If you want to know whether request is http or https then use this in your code:

req.headers.referer.split(':')[0];

This will return whether req is http or https.

Answer 3

This is what works for me:

getAPIHostAndPort = function(req, appendEndSlash) {
    return (req.connection && req.connection.encrypted ? 'https' : 'http') + '://' + req.headers.host + (appendEndSlash ? '/' : '');
}

Answer 4

Edit: For Express, it's safer and recommended to use req.secure (as @Andy recommends below). While it uses a similar implementation, it will be safe for future use and it also optionally supports the X-Forwarded-Proto header.

That being said, for your use case it would be quicker to use Express' req.protocol property, which is either http or https. Note, however, that for outgoing links, you can just refer to //example.com/path, and the browser will use the current protocol. (See also Can I change all my http:// links to just //?)

For node Request object without Express:

It's in req.connection.secure (boolean).

Edit: The API has changed, for Node 0.6.15+:

An HTTPS connection has req.connection.encrypted (an object with information about the SSL connection). An HTTP connection doesn't have req.connection.encrypted.

Also (from the docs):

With HTTPS support, use request.connection.verifyPeer() and request.connection.getPeerCertificate() to obtain the client's authentication details.

Answer 5

For pure NodeJS (this works locally and deployed, e.g. behind Nginx):

function getProtocol (req) {
    var proto = req.connection.encrypted ? 'https' : 'http';
    // only do this if you trust the proxy
    proto = req.headers['x-forwarded-proto'] || proto;
    return proto.split(/\s*,\s*/)[0];
}

Answer 6

If you are using request module and for example want to know what protocol does some www use, you can use: response.request.uri.protocol

request(YOUR_TARGET, function(error, response, body){
    if (error){
        console.log(error);
    }
    else {
        console.log(response.request.uri.protocol); // will show HTTP or HTTPS
    }
});

If you need user protocol then use request.headers.referer.split(':')[0]; just like @Harsh gave you.

Answer 7

req.secure is a shorthand for req.protocol === 'https' should be what you looking for.

If you run your app behind proxy, enable 'trust proxy' so req.protocol reflects the protocol that's been used to communicate between client and proxy.

app.enable('trust proxy');

Answer 8

This worked for me:

req.headers['x-forwarded-proto']

Hope this helped,

E

Answer 9

You don't need to specify the protocol in URL, thus you don't need to bother with this problem.

If you use <img src="//mysite.comm/images/image.jpg" /> the browser will use HTTP if the page is served in HTTP, and will use HTTPS if the page is served in HTTPS. See the @Jukka K. Korpela explanation in another thread.