I have website with NodeJS express server. It is hosted on Heroku. My domain name is just watching that heroku application and opens it when I ask for my website domain.

I have noticed, that when I open my website without www. for the first time (for example, from any new computer, where nobody has visited website yet), it throws 403 forbidden. And it does not redirect to https:// (SSL generated by Heroku automatically).

Then, when I enter website with www, it opens as it should with redirect to https://. Then, when I get back and open it without www., it already redirects to https:// and then it works just fine.

I tried all these things to make it work:

const enforce = require('express-sslify');
export const app = express();

app.use(checkUrl);
app.use(enforce.HTTPS({ trustProtoHeader: true }));

const httpServer = http.createServer(app);
const httpsServer = https.createServer(app);

function checkUrl(req, res, next) {
  const host = req.headers.host;

  if (!host.match(/^www\..*/i)) {
    return res.redirect(301, 'https://www.' + host + req.url);
  } else if (req.headers['x-forwarded-proto'] !== 'https') {
    return res.redirect('https://' + req.hostname + req.url);
  }
  next();
}

I expect my website to redirect to https://www all the time. What am I missing?

Here is website - onrg.ru Make sure you enter it by exactly this url.

Thank you

0 Answers