Redirect All HTTP Traffic to HTTPS in Express to Ensure All Responses are Secure

Share this video with your friends

Send Tweet

In the previous lesson, we disabled http in favor of https. In this lesson, we'll learn that the default protocol for web browser is http, and we therefore need to provide an http endpoint that redirects the browser to https. We'll do that by setting up a small express application whose sole responsibility is to redirect http urls to https. In doing so, we'll accidentally reintroduce the transmission of our session id over http, which we'll need to fix in our next lesson.

Victor Hazbun
Victor Hazbun
~ 4 years ago

Thanks for sharing, but how would you setup production to work with SSL?

Mike Sherov
Mike Sherov(instructor)
~ 4 years ago

Hi Victor,

The answer to that depends on a lot on your specific configuration, especially who you use as a hosting provider. Lots of services now offer "let's encrypt" integration by default.

Here's a guide from letsencrypt that should point you in the right direction: https://letsencrypt.org/getting-started/