Forcing HTTPS on Heroku using NodeJS

Hi folks,

I’m just checking in to see if anybody has a good solution that works well with Wappler in order to force our users to be on the HTTPS version of our site?

It’s currently hosted on Heroku with NodeJS using the automated SSL certificates from Heroku.

Is it something done in the routes, or is there something that can be done with express.js, or is there an even better solution? The heroku documentation explains something to do with ensuring that your request headers are set to X-Forwarded-Proto: https, but I don’t quite understand where or how I would do such a thing.

Any advice or solutions would be greatly appreciated!

You could try this:

You would apply these changes to the file lib/server.js

Beware Wappler updates could override those

Thank you very much @Apple, I’ll definitely look into this! This certainly looks like it could the solution to my question.

It wouldn’t be a terrible prospect to save the snippet and re-add it if there’s ever a change to that file.

However, I wonder if this could be officially supported by Wappler down the line?

How To Force HTTPS (SSL/TLS) on Heroku (expeditedsecurity.com)

I’m curious if anyone knows of a way to force ssl on Heroku (other than @ Apple’s helpful fix – which is sadly overwritten with each deploy)

Unfortunately the lowest option for this is ~$1,140 USD per per heroku project per year

I know this thread is almost a year old, but I wasn’t able to find a newer answer and am curious how other handle this

Edit to add: Is there any possibility in using the config technique here to get around the regular re-writes? Thanks all for your help! How to install Sentry on the Back-end (NodeJS)

It seems that may be possible, something like this:

var enforce = require('express-sslify');

exports.before = function(app) {
  app.use(enforce.HTTPS());
};

You’ll probably need to npm install express-sslify or something like that too