/koa-ssl

Enforce SSL for Koa apps

Primary LanguageJavaScript

koa-ssl

Circle CI

koa-ssl enforces SSL for Koa apps.

Use

Simply require and use the function exported by this module:

var ssl = require('koa-ssl');
var app = require('koa')();
app.use(ssl());

The function takes an optional object of options:

  • disabled: (default false) If true, this middleware will allow all requests through.
  • trustProxy: (default false) If true, trust the x-forwarded-proto header. If it is "https", requests are allowed through.
  • disallow: A non-Generator function called with the Koa context so that the user can handle rejecting non-SSL requests themselves.

By default, this middleware will only run when process.env.NODE_ENV is set to "production". Unless a disallow function is supplied it will respond with the status code 403 and the body "Please use HTTPS when communicating with this server."

Thanks, Heroku

While I created and maintain this project, it was done while I was an employee of Heroku on the Human Interfaces Team, and they were kind enough to allow me to open source the work. Heroku is awesome.