Force HTTPS on project URL


#1

I noticed that if you change the https part of the project URL to http it uses HTTP, whereas most websites Google, etc… redirect you to the HTTPS version of their website. How can I make my Glitch project force HTTPS???


#2

See the following example project which implements this: https://glitch.com/edit/#!/large-patch


#3

Thanks, but would I place this code before any other app.gets?


#4

Copy the checkHttps function code into your js file, and use app.use(checkHttps) before your app.gets. See https://expressjs.com/en/guide/writing-middleware.html


#5

Ok, thanks! I shall update my code with that now,


#6

Is it still working as of now? I’m getting < projectname >.glitch.me redirected you too many times…?

Hmm so it does work for glitch subdomains. But it won’t work on my custom domain weird, but it’s fine, just the red “Not secure” annoys me

Edit to make things more clear: Adding https:// works, but I’m trying to force it


#7

That seems incorrect. For example https://shw.hyperdev.space/ is a custom domain registered via the fly.io Custom Domain integration in Glitch and configured at my registrar, iwantmyname.com. https worked completely transparently - I didn’t do anything special.

What’s your domain and project?


#8

It’s doing some weird thing where it does not show it is connected to a Domain, but my site is http://taiwei.glitch.me, custom domain: http://taiwei.ml, as you can see the latter did not force https?
image
I used to use fly, but to test glitch’s new custom domain i deleted my fly project. So now (I think…?) it’s using glitch’s custom domains, if join URL needed dm me

Thanks

Edit:
Uhhhh I just went to http://shw.hyperdev.space/ anddd
image

Edit: Adding https:// works, but I’m trying to force it


#9

Ah yes, I misinterpreted what you were trying to do; I didn’t read the backscroll carefully enough, sorry!

Yes, you are correct, that workaround won’t handle custom domains due to the way X-Forwarded-Proto gets filled in those situations. I don’t know of a way to handle it with custom domains off-hand.


#11

Haha, yea, there is a middleware in Fly.io though, is there a way I can un-intergrate glitch’s Custom domains and then I can do it using Fly.io, and use the Force https middleware from them? (Same project as above)


#12

There seems to be no way to un-intergrate it tho? And I can’t make a new fly website.

Was going to insert image here, but it won’t stop loading :confused:


Fixed after a few Hard refreshes.

So what I mean is you can’t remove domains or is glitch glitched (ha pun)
2018-12-14_17-10-21

This is getting irrelevant to the title, i’ll make a new post thing.


Way to Unlink Custom domains?