map HTTPS server variable to x-forwarded-proto header

[jfromaniello]

I wonder if you could map the https server variable ON/OFF to the x-forwarded-proto header HTTP/HTTPS.

I guess this is the best because all examples run a node http server, so I see iisnode somehow as a reverse proxy.

Right now I am promoting the server variable in the web.config and then doing something like this:

var protocol;

//this works when the incoming message is run by an https node server.
if(req.connection.encrypted) {
  protocol = 'https';
  return;
}

if(req.headers['x-iisnode-https'] && req.headers['x-iisnode-https'] == 'ON') {
  protocol = 'https';
  return;
}

// x-forwarded-proto is sent when running on heroku, nodejitsu, or using nginx reverse proxy.
protocol = req.headers['x-forwarded-proto'] || 'http';

@Gissues:{"order":50,"status":"inprogress"}

[tjanczuk]

You can accomplish this scenario by using promoteServerVars configuration property as explained at https://github.com/tjanczuk/iisnode/blob/master/src/samples/configuration/iisnode.yml#L139-144

In your iisnode.yml:

promoteServerVars=HTTPS

In your server.js:

var isHttps = req.headers['x-iisnode-HTTPS'];

[jfromaniello]

yes, this is what I did and what i'm showing you on my code snippet. but I just would like to have req.headers['x-forwarded-proto'] without promoting the server variable.

[dpolivy]

I'd second the request to use X-Forwarded-Proto for this. We're using IIS to accept both HTTP and HTTPS traffic, and just forward them to the same node instance--but it's important to know which protocol was used for the initial request.

Tomasz, I'll use your suggestion to meet my needs for now, but I think it would be good to standardize on the other header, at least for something as common as this.

[dpolivy]

Also, read the section about Express behind proxies. Setting the X-Forwarded-* headers would make it a lot easier to get the info needed on the client in an Express.js app.

[spanditcaa]

just to note it should be : not = in iisnode.yml, in case anyone just cut/paste's like I did.

promoteServerVars:HTTPS

[jeremyk]

+1 on this. Spent about a day figuring out I needed to set x-forwarded-proto="HTTPS", then add this middleware layer:
if (!req.secure) {
var iisnodeHttps = req.header('x-iisnode-https');
if (iisnodeHttps && iisnodeHttps.toLowerCase() === 'on') {
req.headers['x-forwarded-proto'] = 'https';
}
}
next();

and set proxy:true on session just to get secure cookies to work. If this header was added automatically, I would have only had to do the last step.