/react-https-redirect

Force a redirect to HTTPS when not on a local web server

Primary LanguageJavaScriptMIT LicenseMIT

React-https-redirect

npm npm


⚠️ Security note ⚠️ - This element provides a client-side option when HSTS and server-enforced redirects aren't possible. Please don’t use this if you can configure the server.


This is a React component equivalent of Polymer platinum-https-redirect

The element redirects the current page to HTTPS, unless the page is loaded from a web server running on localhost. Using HTTP Strict Transport Security (HSTS) can be used to enforce HTTPS for an entire origin, following the first visit to any page on the origin. Configuring the underlying web server to redirect all HTTP requests to their HTTPS equivalents takes care of enforcing HTTPS on the initial visit as well. Both options provide a more robust approach to enforcing HTTPS, but require access to the underlying web server's configuration in order to implement. This element provides a client-side option when HSTS and server-enforced redirects aren't possible, such as when deploying code on a shared-hosting provider like GitHub Pages.

You can read more information here.

Installation

Using npm:

npm install --save react-https-redirect

Supposing a CommonJS environment, you can simply use the component in this way:

import HttpsRedirect from 'react-https-redirect';

// you can just wrap your entire app to redirect it to the equivalent https version
// for example:
// http://example.com/    =>    https://example.com/

// you can also use a "disabled" prop to dinamically disable it
// <HttpsRedirect disabled={...}>

class HttpsApp extends React.Component {

  render() {
    return (
      <HttpsRedirect>
        <App />
      <HttpsRedirect/>
    );
  }
}

Author

Matteo Basso

Copyright and License

Copyright (c) 2016, Matteo Basso.

React-https-redirect source code is licensed under the MIT License.