#113: Don't use HTTPS redirection if environment doesn't support it.

kwokkan · Dec 31, 2019 · 0ff88c4 · 0ff88c4
1 parent 032b053
commit 0ff88c4
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/apps/CardHero.NetCoreApp.TypeScript/Startup.cs b/apps/CardHero.NetCoreApp.TypeScript/Startup.cs
@@ -23,6 +23,11 @@ namespace CardHero.NetCoreApp.TypeScript
 {
     public class Startup
     {
+        private static class CardHeroEnvironmentVariables
+        {
+            public const string DisableHttps = "CH_DISABLE_HTTPS";
+        }
+
         private readonly IConfiguration _configuration;
         private readonly IWebHostEnvironment _environment;
 
@@ -158,11 +163,17 @@ public void ConfigureServices(IServiceCollection services)
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
         public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
         {
+            app.UseForwardedHeaders();
+
             app.UseJsonException();
 
             // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
             app.UseHsts();
-            app.UseHttpsRedirection();
+
+            if (string.IsNullOrWhiteSpace(Environment.GetEnvironmentVariable(CardHeroEnvironmentVariables.DisableHttps)))
+            {
+                app.UseHttpsRedirection();
+            }
 
             app.UseResponseCompression();