For my application, I need BasicAuth. I'm aware that for BasicAuth, https is mandatory. However, in my PROD environment, https is handled by nginx, not sails. So, that piece of code in api/policies/basicAuth.js is irrelevant:
if (process.env.NODE_ENV === 'production' && !req.secure) {
return res.status(403).json({ error: 'https required for basic auth. refusing login request' });
}
Because even if the sails req is not secure, security is handled upstream thanks to nginx.
Hi,
For my application, I need BasicAuth. I'm aware that for BasicAuth, https is mandatory. However, in my PROD environment, https is handled by nginx, not sails. So, that piece of code in api/policies/basicAuth.js is irrelevant:
Because even if the sails req is not secure, security is handled upstream thanks to nginx.
What about removing this check ?