1 | # is-https
|
2 | > Check if the given request is HTTPS
|
3 |
|
4 | [![npm](https://img.shields.io/npm/dt/is-https.svg?style=flat-square)](https://npmjs.com/package/is-https)
|
5 | [![npm (scoped with tag)](https://img.shields.io/npm/v/is-https/latest.svg?style=flat-square)](https://npmjs.com/package/is-https)
|
6 |
|
7 | ## Usage
|
8 |
|
9 | Install package:
|
10 |
|
11 | ```bash
|
12 | yarn add is-https
|
13 | # or
|
14 | npm install is-https
|
15 | ```
|
16 |
|
17 | ```js
|
18 | const isHTTPS = require('is-https')
|
19 | // or
|
20 | import isHTTPS from 'is-https'
|
21 | ```
|
22 |
|
23 | ```ts
|
24 | function isHTTPS(req: IncomingMessage, trustProxy: Boolean = true): Boolean | undefined
|
25 | ```
|
26 |
|
27 | ## Behaviour
|
28 |
|
29 | `isHTTPS` function tries to use 2 different methods for HTTPS detection:
|
30 |
|
31 | - Test if `x-forwarded-proto` header contains `https`
|
32 | - Can be disabled by setting `trustProxy` argument to `false`
|
33 | - Test if `req.connection.encrypted` is `true`
|
34 |
|
35 | Returns either `true` or `false` based on checks or `undefined` if no check was reliable.
|
36 |
|
37 | **TIP:** If you want to redirect users from `http` to `https`, it is better using `isHTTPS(req) === false` to avoid redirect loops.
|
38 |
|
39 | ## Related
|
40 |
|
41 | - [redirect-ssl](https://www.npmjs.com/package/redirect-ssl) - Connect middleware to enforce HTTPS
|
42 |
|
43 | ## License
|
44 |
|
45 | MIT
|