X-Forwarded-Proto Headers


#1

I’m using HyperDev to display example projects for Stormpath, and one of the examples sets a redirect url based on the protocol.

The load balancer HyperDev is using doesn’t seem to set the X-Forwarded-Proto header, so my app always thinks it’s on http, while I’m accessing it via https.

I’d love to see HyperDe set the header properly so my app can use it!


#2

Good idea! I’ve put this on our backlog… stay tuned :slight_smile:


#3

Awesome, thanks Nathan!


#4

looks like x-forwarded-proto is being used now (and I can’t spoof it, so it’s a safe way to determine if the client is connecting with https)

function requestIsSecure(req) { return req.headers["x-forwarded-proto"].startsWith("https"); }