Force my heroku app to use SSL (https)

Question

I have a node app running successfully on Heroku. I have purchased an Expedited SSL certificate and it all works fine. I go to https... and get a full \'green bar\' proving

Answer 1

You need to add to the Node.js app the code to redirect the request to the HTTPS version if the request comes from HTTP.

Depending on the framework or the tools you use, the idea is simple:

• check the request scheme
• if http, redirect to https passing along the same request uri and query

Answer 2

As of July 2019, Heroku supports HTTPS redirects to OTHER DOMAINS OR SUBDOMAINS (a redirect cannot point to itself). All you have to do is configure a URL record for your domain as outlined in this post. The full announcement can be found here.

Answer 3

There's also NPM module heroku-ssl-redirect helping you to deal with it

Answer 4

You can redirect HTTP requests to HTTPS in the infrastructure layer too, requiring no changes to your application.

The Edge CDN addon offers a "redirect HTTP to HTTPS" option.

It puts the AWS CloudFront CDN in front of your app which is handles the redirect.

The Heroku router doesn't have this feature.

Answer 5

For anybody coming along to this post, I was having this problem and discovered that I had code in this order, which was screwing things up:

app.use(express.static('build'));
app.use((req, res, next) => {
  if (req.header('x-forwarded-proto') !== 'https') {
    res.redirect(`https://${req.header('host')}${req.url}`)
  } else {
    next();
  }
});

Once I moved the express.static('build') below that send app.use method everything worked!

Answer 6

On Heroku, it's slightly tricky to determine the fact that the request came in over http. https is handled at a heroku routing layer and it passes along the request to the node app on http).

This post got me unstuck http://jaketrent.com/post/https-redirect-node-heroku/