How to detect HTTPS redirection on Azure Websites?

Question

As per the title, I have a Node.js application and I want to be able to detect whether a request is being made over HTTPS or HTTP. So far my redirection looks like this:

Answer 1

Ran into the exact same issue, but solved it in a different way. If you're using Express and enable trust proxy then req.protocol will pick up the x-forwarded-proto header. Azure doesn't set the x-forwarded-proto header, but you can use the x-arr-ssl header to hack it in manually so that req.protocol will return the correct value in the rest of your app.

Here's a gist: https://gist.github.com/freshlogic/6348417

var express = require('express');

var app = express();
app.enable('trust proxy');

// HACK: Azure doesn't support X-Forwarded-Proto so we add it manually
app.use(function(req, res, next) {
    if(req.headers['x-arr-ssl'] && !req.headers['x-forwarded-proto']) {
        req.headers['x-forwarded-proto'] = 'https';
    }

    return next();
});

Answer 2

I think I was correct in my comment:

X-ARR-SSL seems to be the header to check for.

// Ensure the page is secure, or that we are running a development build
if (req.headers['x-forwarded-proto'] === 'https' || req.headers['x-arr-ssl'] || process.env.NODE_ENV === 'development') {
    res.render('index');
} else {
    winston.info('Request for login page made over HTTP, redirecting to HTTPS');
    res.redirect('https://' + req.host);
}