flutter>> force-ssl-heroku>> 返回
项目作者: jonahgeorge

项目描述 :
Golang middleware that redirects HTTP requests to HTTPS on Heroku instances.
高级语言: Go
项目地址: git://github.com/jonahgeorge/force-ssl-heroku.git
创建时间: 2017-10-02T01:52:23Z
项目社区:https://github.com/jonahgeorge/force-ssl-heroku
开源协议:MIT License
下载


force-ssl-heroku

Golang middleware that redirects unencrypted HTTP requests to HTTPS on Heroku instances.

Heroku does SSL termination at its load balancer. However, the app can tell if the original request was made with HTTP by inspecting headers inserted by Heroku. We can use this to redirect to the HTTPS Heroku url.

Installation

  1. go get github.com/jonahgeorge/force-ssl-heroku

Usage

  1. package main
  3. import (
  4.     "net/http"
  6.         heroku "github.com/jonahgeorge/force-ssl-heroku"
  7. )
  9. func helloWorldHandler(w http.ResponseWriter, r *http.Request) {
  10.     w.Write([]byte("Hello World"))
  11. }
  13. func main() {
  14.     r := http.NewServeMux()
  15.     r.HandleFunc("/", helloWorldHandler)
  17.     http.ListenAndServe(":8080", heroku.ForceSsl(r))
  18. }

Caveat

It works because Heroku exposes your app through a reverse proxy which is used for load-balancing and other things. This reverse proxy does SSL termination and forwards to your app which should only accept connections from localhost. The middleware detects this situation by inspecting headers inserted by Heroku’s reverse proxy; since headers can be spoofed, you should not use this middleware anywhere that’s not behind such a proxy!