Do not force https

Question

Do not force https

talavis opened this issue 5 years ago · 6 comments

I noticed that commit 539a66535c55410d413cd114e8a9c8774375acc6 added forced https for production environments.

Please revert that commit, make it into a configuration option, or, if this is the only thing that is affected by setting NODE_ENV=production, please document it somewhere.

Our setup is running a container behind a reverse proxy, and that commit makes it unusable.

talavis commented 5 years ago

Thanks.

Answer 1 · 2020-03-26T19:54:19.000Z

@zerbfra We should probably configure this outside of the app.

CC @michaelmcmillan

Answer 2 · 2020-03-26T20:52:02.000Z

Thanks for letting us now. Unfortunate that it affected your app. What goes wrong – infinite redirect loop?

I take it you're running the app behind a reverse proxy. Are you passing along the following the X-Forwarded-Proto header? In nginx you can add the following: proxy_set_header X-Forwarded-Proto $scheme;.

Answer 3 · 2020-03-26T20:53:17.000Z

Oh wow. Let make it configurable outside

Answer 4 · 2020-03-26T21:11:17.000Z

I'm perfectly fine with just having it documented somewhere. i can probably get around it by modifying my setup, but it was not appreciated to have this crop up after I got my pipeline for updates set up.

Answer 5 · 2020-03-26T21:39:45.000Z

Sorry - going to make an option in the config.js as my next task