Fix #2734, make protocol configurable with EXPECT_PROTOCOL=https (#2864)

mozilla-services · May 23, 2017 · a9761b6 · a9761b6
1 parent 3d10b62
commit a9761b6
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/server/src/config.js b/server/src/config.js
@@ -28,6 +28,13 @@ var conf = convict({
     env: "CONTENT_ORIGIN",
     arg: "contentOrigin"
   },
+  expectProtocol: {
+    doc: "Treat all incoming requests as using this protocol, instead of defaulting to http: or detecting from X-Forwarded-Proto",
+    format: String,
+    default: "",
+    env: "EXPECT_PROTOCOL",
+    arg: "expectProtocol"
+  },
   localhostSsl: {
     doc: "Turn on SSL on localhost, using ~/.localhost-ssl/*",
     format: Boolean,

diff --git a/server/src/server.js b/server/src/server.js
@@ -179,6 +179,16 @@ function addHSTS(req, res) {
 
 addRavenRequestHandler(app);
 
+if (config.expectProtocol) {
+  if (!/^https?$/.test(config.expectProtocol)) {
+    throw new Error(`Error, bad EXPECT_PROTOCOL: ${config.expectProtocol}`);
+  }
+  app.use((req, res, next) => {
+    req.headers["x-forwarded-proto"] = config.expectProtocol;
+    next();
+  });
+}
+
 app.use((req, res, next) => {
   genUuid.generate(genUuid.V_RANDOM, function(err, uuid) {
     if (!err) {