Perform 301 to https:// for initial request

Question

Perform 301 to https:// for initial request

JustinBeckwith opened this issue 8 years ago · 2 comments

If it's the first time the browser has seen a url, it will serve over http:// even if you send all the correct HSTS headers. The user has to hit it over https:// at least once before HSTS wakes up and starts forcing SSL. Would it be possible to bake the 301 for the first request in?

Answer 1 · 2016-12-07T01:32:52.000Z

This is a good idea, but not this module's responsibility. express-enforces-ssl does this.

I'll make sure the documentation reflects this more clearly and then I'll close this issue.

Answer 2 · 2016-12-09T18:14:28.000Z

Added this to the readme and the docs.

Thanks for reminding me to "promote" this in the documentation!