From a78a1914d82364239029dc0caef04ad58672787d Mon Sep 17 00:00:00 2001
From: Khaled Garbaya
Date: Mon, 6 Nov 2017 13:16:31 +0100
Subject: [PATCH] fixup! fixup! feat: Add start npm script
---
 app.js | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/app.js b/app.js
index 56b1c98..d1d715b 100644
--- a/app.js
+++ b/app.js
@@ -5,6 +5,7 @@ const cookieParser = require('cookie-parser')
 const express = require('express')
 const logger = require('morgan')
 const querystring = require('querystring')
+const helmet = require('helmet')
 // Load environment variables using dotenv
 require('dotenv').config({ path: 'variables.env' })
@@ -25,6 +26,7 @@ app.set('views', path.join(__dirname, 'views'))
 app.set('view engine', 'pug')
 app.use(logger('dev'))
+app.use(helmet())
 app.use(bodyParser.json())
 app.use(bodyParser.urlencoded({ extended: false }))
 app.use(cookieParser())
@@ -32,10 +34,9 @@ app.use(express.static(path.join(__dirname, 'public')))
 // Force all requests on production to be served over https
 app.use(function (req, res, next) {
- if (!req.secure && process.env.NODE_ENV === 'production') {
- var secureUrl = 'https://' + req.headers['host'] + req.url
- res.writeHead(301, { 'Location': secureUrl })
- res.end()
+ if (req.headers['x-forwarded-proto'] !== 'https' && process.env.NODE_ENV === 'production') {
+ var secureUrl = 'https://' + req.hostname + req.originalUrl
+ res.redirect(302, secureUrl)
 }
 next()
 })
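Review bot: `helmet` is required here, but the diffstat lists only `app.js`, so no `package.json` change declaring the dependency is part of this patch. If `helmet` is not already listed under `dependencies`, `require('helmet')` will throw at startup on a clean install. Declaring it in `package.json` (and the lockfile) in the same commit also makes the version that supplies these headers reproducible.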
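Review bot: `app.use(helmet())` is added with default options and no comment, so the headers the app sends are whatever the installed helmet version enables by default; depending on that version, a Content-Security-Policy may not be among them. A short comment above the call, e.g. `// Security headers via helmet defaults; CSP/HSTS options to be reviewed for production`, would record the intent. Mounting it before `express.static` is the right order, since static responses then carry the headers too.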
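Review bot: The redirect branch still falls through to `next()`, so after `res.redirect(302, secureUrl)` the request continues into the later handlers and a second write to the already-finished response can occur; make it `return res.redirect(302, secureUrl)`. The new condition also reads `req.headers['x-forwarded-proto']` directly, which is only meaningful when a proxy in front of the app always overwrites that header; a client that reaches the app directly can send the header itself and skip the redirect, and a proxy chain may deliver a comma-separated value that never equals `'https'`. Presumably this runs behind a TLS-terminating proxy, in which case the Express way is to declare that with `app.set('trust proxy', 1)` (hop count to match the deployment) and keep the check as `!req.secure`. `req.hostname` is still derived from request headers, so if the set of served hostnames is known, checking against it before building `secureUrl` would keep the redirect target fixed.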